Fix: Frontend auth state detection for backend OAuth

🐛 Problem:
- Backend OAuth callback successful but frontend still shows login modal
- Frontend only checked localStorage, not backend session cookies
- User authenticated in backend but frontend remains in logged-out state

✅ Solution:
- Added backend session status check to AuthContext.checkAuthStatus()
- Frontend now queries /auth/status API with credentials:include
- Converts backend user format to frontend OAuth format
- Synchronizes session data to localStorage for consistency

🔧 Technical Changes:
Frontend AuthContext:
- Primary: Check backend session via /auth/status endpoint
- Secondary: Check localStorage for persisted auth state
- Fallback: Handle OAuth callback redirects
- Added proper TypeScript types (scope, emailVerified fields)

Backend Session Integration:
- Frontend reads session cookies from OAuth callback
- Converts backend user object to OAuthResult format
- Maintains token expiration and user info consistency

🎯 Flow Now:
1. User authorizes with HF → backend saves to session
2. Frontend loads → checks backend session first
3. If session exists → sets frontend auth state
4. Modal closes → user sees authenticated app

📋 Expected Result:
- After OAuth redirect, frontend automatically detects login
- No more persistent login modal after successful auth
- Seamless transition from login to authenticated app

frontend/src/context/AuthContext.tsx

@@ -99,7 +99,47 @@ export function AuthProvider({ children }: { children: ReactNode }) {
     try {
       dispatch({ type: "SET_LOADING", payload: true });
 
-      // First check localStorage for existing oauth data
+      // First check backend session for existing authentication
+      try {
+        const response = await fetch("/auth/status", {
+          credentials: "include", // Include session cookies
+        });
+
+        if (response.ok) {
+          const statusData = await response.json();
+          if (statusData.authenticated && statusData.user) {
+            console.log("🔓 Found existing backend session authentication");
+
+            // Convert backend user format to our OAuth format
+            const oauthResult: OAuthResult = {
+              userInfo: {
+                id: statusData.user.id,
+                name: statusData.user.name || statusData.user.username,
+                fullname: statusData.user.name || statusData.user.username,
+                email: statusData.user.email,
+                emailVerified: false,
+                avatarUrl: statusData.user.avatar_url,
+                orgs: [],
+                isPro: false,
+              },
+              accessToken: statusData.user.access_token || "session_token",
+              accessTokenExpiresAt: new Date(
+                Date.now() + 24 * 60 * 60 * 1000
+              ).toISOString(), // 24 hours
+              scope: "openid profile read-repos", // Backend authenticated users have these scopes
+            };
+
+            dispatch({ type: "AUTH_SUCCESS", payload: oauthResult });
+            // Also save to localStorage for consistency
+            localStorage.setItem(STORAGE_KEY, JSON.stringify(oauthResult));
+            return;
+          }
+        }
+      } catch (error) {
+        console.log("🔍 No backend session found, checking localStorage");
+      }
+
+      // Second, check localStorage for existing oauth data
       const stored = localStorage.getItem(STORAGE_KEY);
       if (stored) {
         try {
@@ -124,41 +164,26 @@ export function AuthProvider({ children }: { children: ReactNode }) {
       const state = urlParams.get("state");
       const storedState = localStorage.getItem("oauth_state");
 
-      if (code && state && state === storedState) {
-        console.log("🔐 OAuth callback detected, exchanging code for token");
+      if (code && state) {
+        console.log(
+          "🔐 OAuth callback detected - backend should have handled this"
+        );
 
-        // Clear OAuth state
+        // Clear OAuth state from localStorage
         localStorage.removeItem("oauth_state");
 
-        // For HF Spaces direct OAuth, we'll simulate a successful auth
-        // In a real implementation, you'd exchange the code for a token
-        const mockUserInfo: UserInfo = {
-          id: "hf_user_" + Date.now(),
-          name: "Hugging Face User",
-          fullname: "HF User",
-          email: "user@example.com",
-          emailVerified: false,
-          avatarUrl: undefined,
-          isPro: false,
-          orgs: [],
-        };
-
-        const normalizedResult: OAuthResult = {
-          accessToken: `hf_mock_token_${Date.now()}`,
-          accessTokenExpiresAt: new Date(Date.now() + 3600000).toISOString(), // 1 hour
-          userInfo: mockUserInfo,
-          scope: "openid profile read-repos",
-        };
-
-        localStorage.setItem(STORAGE_KEY, JSON.stringify(normalizedResult));
-        dispatch({ type: "AUTH_SUCCESS", payload: normalizedResult });
-
-        // Clean up URL
+        // Clean up URL parameters since backend handled the OAuth
         window.history.replaceState(
           {},
           document.title,
           window.location.pathname
         );
+
+        // Recheck auth status to pick up the backend session
+        setTimeout(() => {
+          checkAuthStatus();
+        }, 100);
+        return;
       } else {
         // No OAuth redirect found, check if we need to show auth modal