Question
You're building 'Sign in with GitHub' (OAuth 2.0 authorization-code flow) from scratch in a Python/Flask app with an AI agent — no Auth0/passport, hand-rolled against GitHub's endpoints. Describe the build plan: the flow's steps, the security parameters you make non-negotiable, session handling, and acceptance criteria. What does a careless 'implement GitHub login' prompt leave dangerously wrong?
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.
Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.
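As an added illustration of the "non-negotiable" parts of the flow the question asks about (this is example code written for this page, not the exercise's reference answer or any library's API): the `state` parameter generated per login, bound to the session and checked with a constant-time compare on the callback; PKCE (S256) as defence in depth; consumption of the one-time values so a callback cannot be replayed; and a session reset after login. It is framework-free so it runs offline: `session` is any mutable mapping (Flask's `session` behaves the same way). The client id, redirect URI, authorization code and the `read:user` scope are placeholders or assumptions, and only GitHub's authorization endpoint URL is taken as given.

```python
"""
Added example: the checks a careless "implement GitHub login" draft usually
omits, written as plain functions so they can be unit-tested without Flask.
`session` is a mutable mapping (a dict here; Flask's session in the app).
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# GitHub's documented authorization endpoint.
AUTHORIZE_URL = "https://github.com/login/oauth/authorize"


class CallbackError(Exception):
    """Raised when the callback must be rejected: the caller must NOT exchange the code."""


def pkce_challenge(verifier: str) -> str:
    """S256 challenge per RFC 7636: BASE64URL(SHA-256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_login(session, client_id: str, redirect_uri: str, scope: str = "read:user") -> str:
    """Store fresh one-time values in the session and return the redirect URL.

    `state` is the login's CSRF token: unguessable and bound to this browser
    session. The PKCE verifier stays server-side; only its hash is sent out.
    (client_id / redirect_uri / scope are assumptions supplied by the caller.)
    """
    state = secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside RFC 7636's 43..128 range
    session["oauth_state"] = state
    session["pkce_verifier"] = verifier
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must equal the URI registered with the provider
        "scope": scope,                # least privilege: request only what the app needs
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def authorize_params(url: str) -> dict:
    """Flatten the query string of a redirect URL (handy for tests and review)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def handle_callback(session, query: dict) -> dict:
    """Validate the provider's callback and return what the token exchange needs.

    A careless draft just reads query["code"] and exchanges it. Without the
    state check an attacker can plant their own code in a victim's session
    (login CSRF), and without consuming the one-time values a captured
    callback can be replayed.
    """
    # Consume the one-time values first: even a failed attempt burns them.
    expected_state = session.pop("oauth_state", None)
    verifier = session.pop("pkce_verifier", None)
    if expected_state is None or verifier is None:
        raise CallbackError("no login in progress for this session")

    if "error" in query:  # e.g. the user declined consent at the provider
        raise CallbackError(f"provider returned error: {query['error']}")

    received_state = str(query.get("state", ""))
    # Constant-time comparison on bytes (compare_digest rejects non-ASCII str).
    if not secrets.compare_digest(received_state.encode(), expected_state.encode()):
        raise CallbackError("state mismatch: possible login CSRF or replay")

    code = query.get("code")
    if not code:
        raise CallbackError("callback without authorization code")

    # The token request must carry the verifier matching the challenge sent earlier.
    return {"code": code, "code_verifier": verifier}


def finish_login(session, user_id: str) -> None:
    """After the token exchange succeeds: drop everything the pre-login session
    held (session-fixation defence) and keep only the app's own user id in the
    cookie-backed session, never the GitHub access token."""
    session.clear()
    session["user_id"] = user_id
```

In the Flask app, `start_login` backs the `/login` route (`redirect(start_login(session, ...))`), `handle_callback` runs first in `/callback` and its return value is posted to the token endpoint over TLS, and `finish_login` runs only after that exchange and the user lookup succeed. The acceptance tests worth writing mirror the checks above: a forged or missing `state` is rejected, a replayed callback is rejected, the verifier never appears in the authorization URL, and nothing from the pre-login session survives `finish_login`.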