diff --git a/backend/migrations/135_allow_email_oauth_provider_types.sql b/backend/migrations/135_allow_email_oauth_provider_types.sql
new file mode 100644
index 00000000..a04edd7c
--- /dev/null
+++ b/backend/migrations/135_allow_email_oauth_provider_types.sql
@@ -0,0 +1,27 @@
+ALTER TABLE users
+    DROP CONSTRAINT IF EXISTS users_signup_source_check;
+
+ALTER TABLE users
+    ADD CONSTRAINT users_signup_source_check
+    CHECK (signup_source IN ('email', 'linuxdo', 'wechat', 'oidc', 'github', 'google'));
+
+ALTER TABLE auth_identities
+    DROP CONSTRAINT IF EXISTS auth_identities_provider_type_check;
+
+ALTER TABLE auth_identities
+    ADD CONSTRAINT auth_identities_provider_type_check
+    CHECK (provider_type IN ('email', 'linuxdo', 'wechat', 'oidc', 'github', 'google'));
+
+ALTER TABLE auth_identity_channels
+    DROP CONSTRAINT IF EXISTS auth_identity_channels_provider_type_check;
+
+ALTER TABLE auth_identity_channels
+    ADD CONSTRAINT auth_identity_channels_provider_type_check
+    CHECK (provider_type IN ('email', 'linuxdo', 'wechat', 'oidc', 'github', 'google'));
+
+ALTER TABLE pending_auth_sessions
+    DROP CONSTRAINT IF EXISTS pending_auth_sessions_provider_type_check;
+
+ALTER TABLE pending_auth_sessions
+    ADD CONSTRAINT pending_auth_sessions_provider_type_check
+    CHECK (provider_type IN ('email', 'linuxdo', 'wechat', 'oidc', 'github', 'google'));
diff --git a/backend/migrations/auth_identity_payment_migrations_regression_test.go b/backend/migrations/auth_identity_payment_migrations_regression_test.go
index 99216296..d122a3b7 100644
--- a/backend/migrations/auth_identity_payment_migrations_regression_test.go
+++ b/backend/migrations/auth_identity_payment_migrations_regression_test.go
@@ -142,3 +142,16 @@ func TestMigration134AddsAffiliateLedgerAuditFieldsWithoutJSONCast(t *testing.T)
 	require.Contains(t, sql, "COUNT(*) OVER (PARTITION BY ual.id) AS ledger_match_count")
 	require.NotContains(t, sql, "detail::jsonb")
 }
+
+func TestMigration135AllowsGitHubAndGoogleAuthProviders(t *testing.T) {
+	content, err := FS.ReadFile("135_allow_email_oauth_provider_types.sql")
+	require.NoError(t, err)
+
+	sql := string(content)
+	require.Contains(t, sql, "users_signup_source_check")
+	require.Contains(t, sql, "auth_identities_provider_type_check")
+	require.Contains(t, sql, "auth_identity_channels_provider_type_check")
+	require.Contains(t, sql, "pending_auth_sessions_provider_type_check")
+	require.Contains(t, sql, "'github'")
+	require.Contains(t, sql, "'google'")
+}