From f486e02413231da9e87f1a89bf25e4fb2c120a44 Mon Sep 17 00:00:00 2001
From: giles <giles.bradshaw@rose-ash.com>
Date: Fri, 27 Feb 2026 11:04:00 +0000
Subject: [PATCH] Add orders to OAuth ALLOWED_CLIENTS

Checkout return from SumUp redirects to orders.rose-ash.com which needs
to authenticate via the account OAuth flow.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 account/bp/auth/routes.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/account/bp/auth/routes.py b/account/bp/auth/routes.py
index ed0b69b..ab6551c 100644
--- a/account/bp/auth/routes.py
+++ b/account/bp/auth/routes.py
@@ -45,7 +45,7 @@ from .services import (
 SESSION_USER_KEY = "uid"
 ACCOUNT_SESSION_KEY = "account_sid"
 
-ALLOWED_CLIENTS = {"blog", "market", "cart", "events", "federation", "artdag", "artdag_l2"}
+ALLOWED_CLIENTS = {"blog", "market", "cart", "events", "federation", "orders", "artdag", "artdag_l2"}
 
 
 def register(url_prefix="/auth"):