fix(oauth): prevent stale session timeouts after login

- stop callback forwarders by instance to avoid cross-session shutdowns
  - clear pending sessions for a provider after successful auth

internal/api/handlers/management/oauth_sessions.go

@@ -111,6 +111,27 @@ func (s *oauthSessionStore) Complete(state string) {
 	delete(s.sessions, state)
 }
 
+func (s *oauthSessionStore) CompleteProvider(provider string) int {
+	provider = strings.ToLower(strings.TrimSpace(provider))
+	if provider == "" {
+		return 0
+	}
+	now := time.Now()
+
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.purgeExpiredLocked(now)
+	removed := 0
+	for state, session := range s.sessions {
+		if strings.EqualFold(session.Provider, provider) {
+			delete(s.sessions, state)
+			removed++
+		}
+	}
+	return removed
+}
+
 func (s *oauthSessionStore) Get(state string) (oauthSession, bool) {
 	state = strings.TrimSpace(state)
 	now := time.Now()
@@ -153,6 +174,10 @@ func SetOAuthSessionError(state, message string) { oauthSessions.SetError(state,
 
 func CompleteOAuthSession(state string) { oauthSessions.Complete(state) }
 
+func CompleteOAuthSessionsByProvider(provider string) int {
+	return oauthSessions.CompleteProvider(provider)
+}
+
 func GetOAuthSession(state string) (provider string, status string, ok bool) {
 	session, ok := oauthSessions.Get(state)
 	if !ok {