Use encrypted cookie sessions

live_prototype.py

@@ -481,7 +481,9 @@ def _auth_payload(
     settings: Settings,
 ) -> dict[str, object]:
     oauth_configured = bool(
-        settings.forgejo_oauth_client_id and settings.forgejo_oauth_client_secret
+        settings.auth_secret_key
+        and settings.forgejo_oauth_client_id
+        and settings.forgejo_oauth_client_secret
     )
     if not user:
         return {