feat: Enhance OAuth2 flow with temporary code exchange and update cookie handling

tests/api/v1/test_auth_endpoints.py

@@ -65,9 +65,11 @@ class TestAuthEndpoints:
         assert data["credits"] > 0
         assert "plan" in data
 
-        # Check cookies are set
-        assert "access_token" in response.cookies
-        assert "refresh_token" in response.cookies
+        # Check cookies are set - HTTPX AsyncClient preserves Set-Cookie headers
+        set_cookie_headers = response.headers.get_list("set-cookie")
+        cookie_names = [header.split("=")[0] for header in set_cookie_headers]
+        assert "access_token" in cookie_names
+        assert "refresh_token" in cookie_names
 
     @pytest.mark.asyncio
     async def test_register_duplicate_email(
@@ -140,9 +142,11 @@ class TestAuthEndpoints:
         assert "role" in data
         assert data["is_active"] is True
 
-        # Check cookies are set
-        assert "access_token" in response.cookies
-        assert "refresh_token" in response.cookies
+        # Check cookies are set - HTTPX AsyncClient preserves Set-Cookie headers
+        set_cookie_headers = response.headers.get_list("set-cookie")
+        cookie_names = [header.split("=")[0] for header in set_cookie_headers]
+        assert "access_token" in cookie_names
+        assert "refresh_token" in cookie_names
 
     @pytest.mark.asyncio
     async def test_login_invalid_email(self, test_client: AsyncClient) -> None:
@@ -202,7 +206,7 @@ class TestAuthEndpoints:
         """Test getting current user without authentication token."""
         response = await test_client.get("/api/v1/auth/me")
 
-        assert response.status_code == 422  # Validation error (no cookie provided)
+        assert response.status_code == 401  # Unauthorized (no cookie provided)
 
     @pytest.mark.asyncio
     async def test_get_current_user_invalid_token(
@@ -386,9 +390,10 @@ class TestAuthEndpoints:
                 follow_redirects=False,
             )
 
-            # OAuth callback should successfully process and redirect to frontend
+            # OAuth callback should successfully process and redirect to frontend with temp code
             assert response.status_code == 302
-            assert response.headers["location"] == "http://localhost:8001/?auth=success"
+            location = response.headers["location"]
+            assert location.startswith("http://localhost:8001/auth/callback?code=")
 
             # The fact that we get a 302 redirect means the OAuth login was successful
             # Detailed cookie testing can be done in integration tests
@@ -417,9 +422,10 @@ class TestAuthEndpoints:
                 follow_redirects=False,
             )
 
-            # OAuth callback should successfully process and redirect to frontend
+            # OAuth callback should successfully process and redirect to frontend with temp code
             assert response.status_code == 302
-            assert response.headers["location"] == "http://localhost:8001/?auth=success"
+            location = response.headers["location"]
+            assert location.startswith("http://localhost:8001/auth/callback?code=")
 
             # The fact that we get a 302 redirect means the OAuth login was successful
             # Detailed cookie testing can be done in integration tests