Summary
OAuth/headless email verification can return a generic 503 when the pending registration email already exists in the tenant.
Evidence
Cloud Run prod logs showed repeated failures around 2026-05-02T12:12-12:15Z:
POST /api/auth/verify-email 503
Database error: duplicate key value violates unique constraint "idx_users_email_tenant"
The failure repeated on retry because the pending OAuth verification record was not resolved after the insert failed.
Suspected Cause
verify_email checks whether the user exists by pubkey before inserting into users, but the unique constraint that fails is email+tenant:
let user_already_exists = user_repo.exists(&oauth_data.user_pubkey, tenant_id).await?;
If another user already has pending_email, the insert into users fails with idx_users_email_tenant.
Acceptance Criteria
- Duplicate email during OAuth/headless email verification is handled as a conflict or idempotent verified state, not as a 503.
- The pending verification state does not get stuck in a retry loop.
- Add coverage for retrying email verification when the email already exists in the tenant.
Summary
OAuth/headless email verification can return a generic 503 when the pending registration email already exists in the tenant.
Evidence
Cloud Run prod logs showed repeated failures around 2026-05-02T12:12-12:15Z:
The failure repeated on retry because the pending OAuth verification record was not resolved after the insert failed.
Suspected Cause
verify_emailchecks whether the user exists by pubkey before inserting intousers, but the unique constraint that fails is email+tenant:If another user already has
pending_email, the insert intousersfails withidx_users_email_tenant.Acceptance Criteria