google sign in with oauth 2.0. no more console errors or warnings

frontend/src/services/api.ts

@@ -58,10 +58,12 @@ api.interceptors.request.use(async (config) => {
   if (["POST", "PUT", "DELETE", "PATCH"].includes(method)) {
     // If we don't have a CSRF token yet, try to fetch it
     if (!csrfToken) {
-      // Skip fetching for auth endpoints to avoid circular dependency
+      // Skip fetching for most auth endpoints to avoid circular dependency
+      // Exception: /auth/google needs CSRF token and should auto-fetch as fallback
       const isAuthEndpoint =
         config.url?.includes("/auth/") &&
-        !config.url?.includes("/auth/refresh");
+        !config.url?.includes("/auth/refresh") &&
+        !config.url?.includes("/auth/google");
       if (!isAuthEndpoint) {
         await fetchCSRFToken();
       }
@@ -90,6 +92,12 @@ api.interceptors.response.use(
         errorData?.code === "CSRF_TOKEN_MISMATCH" &&
         !originalRequest._csrfRetry
       ) {
+        // Don't retry OAuth endpoints - the authorization code is single-use
+        const isOAuthEndpoint = originalRequest.url?.includes("/auth/google");
+        if (isOAuthEndpoint) {
+          return Promise.reject(error);
+        }
+
         originalRequest._csrfRetry = true;
 
         // Try to fetch a new CSRF token and retry
@@ -153,7 +161,7 @@ api.interceptors.response.use(
 export const authAPI = {
   register: (data: any) => api.post("/auth/register", data),
   login: (data: any) => api.post("/auth/login", data),
-  googleLogin: (data: any) => api.post("/auth/google", data),
+  googleLogin: (code: string) => api.post("/auth/google", { code }),
   logout: () => api.post("/auth/logout"),
   refresh: () => api.post("/auth/refresh"),
   getCSRFToken: () => api.get("/auth/csrf-token"),