Fix OAuth token exchange: use internal URL, add error logging

The server-to-server token exchange was hitting the external URL
(https://account.rose-ash.com/...) which can fail from inside Docker
due to DNS/hairpin NAT. Now uses INTERNAL_URL_ACCOUNT (already set in
both docker-compose files) for the POST. Adds logging at all three
failure points so silent redirects are diagnosable.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
giles
2026-02-25 01:20:41 +00:00
parent 3dde4e79ab
commit b45a2b6c10
4 changed files with 32 additions and 4 deletions

@@ -41,6 +41,9 @@ class Settings:
oauth_logout_url: str = os.environ.get("OAUTH_LOGOUT_URL", "https://account.rose-ash.com/auth/sso-logout/")
secret_key: str = os.environ.get("SECRET_KEY", "change-me-in-production")
# Internal account URL for server-to-server token exchange (avoids external DNS/TLS)
internal_account_url: str = os.environ.get("INTERNAL_URL_ACCOUNT", "")
def __post_init__(self):
# Parse L1 servers
l1_str = os.environ.get("L1_SERVERS", "https://celery-artdag.rose-ash.com")
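Review bot: internal_account_url defaults to an empty string and nothing in the visible part of __post_init__ validates it, so an unset or mistyped INTERNAL_URL_ACCOUNT only surfaces when the token exchange runs. Suggest checking in __post_init__ that a non-empty value parses as an http(s) URL with a host, and stating next to the field what the empty default means for the exchange (presumably a fallback to the external URL). The comment also says the internal path avoids TLS; since this is the server-to-server OAuth token exchange, it is worth documenting that the value must point only at the account service on the private Docker network and never at a routable host.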