From 1dc87d0f64600cae035f57943fd27800ee78046e Mon Sep 17 00:00:00 2001
From: giles <giles.bradshaw@sigyl.com>
Date: Tue, 24 Feb 2026 23:50:24 +0000
Subject: [PATCH] Add OAuth SSO, device ID, and silent auth to L2

- Replace L2's username/password auth with OAuth SSO via account.rose-ash.com
- Add device_id middleware (artdag_did cookie)
- Add silent auth check (prompt=none with 5-min cooldown)
- Add OAuth config settings and itsdangerous dependency
- Register artdag_l2 client with account service

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 account/bp/auth/routes.py | 2 +-
 docker-compose.yml        | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/account/bp/auth/routes.py b/account/bp/auth/routes.py
index 5d1f334..84700a6 100644
--- a/account/bp/auth/routes.py
+++ b/account/bp/auth/routes.py
@@ -43,7 +43,7 @@ from .services import (
 SESSION_USER_KEY = "uid"
 ACCOUNT_SESSION_KEY = "account_sid"
 
-ALLOWED_CLIENTS = {"blog", "market", "cart", "events", "federation", "artdag"}
+ALLOWED_CLIENTS = {"blog", "market", "cart", "events", "federation", "artdag", "artdag_l2"}
 
 
 def register(url_prefix="/auth"):
diff --git a/docker-compose.yml b/docker-compose.yml
index 3416a4b..0e51932 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -33,6 +33,7 @@ x-app-env: &app-env
   APP_URL_FEDERATION: https://federation.rose-ash.com
   APP_URL_ACCOUNT: https://account.rose-ash.com
   APP_URL_ARTDAG: https://celery-artdag.rose-ash.com
+  APP_URL_ARTDAG_L2: https://artdag.rose-ash.com
   INTERNAL_URL_BLOG: http://blog:8000
   INTERNAL_URL_MARKET: http://market:8000
   INTERNAL_URL_CART: http://cart:8000