fix: set auth cookie during oauth login

backend/main.py

@@ -1870,7 +1870,7 @@ async def oauth_login(provider: str, request: Request):
 
 
 @app.get("/oauth/{provider}/callback")
-async def oauth_callback(provider: str, request: Request):
+async def oauth_callback(provider: str, request: Request, response: Response):
     if provider not in OAUTH_PROVIDERS:
         raise HTTPException(404)
     client = oauth.create_client(provider)
@@ -1953,6 +1953,13 @@ async def oauth_callback(provider: str, request: Request):
         expires_delta=parse_duration(webui_app.state.config.JWT_EXPIRES_IN),
     )
 
+    # Set the cookie token
+    response.set_cookie(
+        key="token",
+        value=token,
+        httponly=True,  # Ensures the cookie is not accessible via JavaScript
+    )
+
     # Redirect back to the frontend with the JWT token
     redirect_url = f"{request.base_url}auth#token={jwt_token}"
     return RedirectResponse(url=redirect_url)