OAuth SSO infrastructure + account app support

- OAuthCode model + migration for authorization code flow - OAuth client blueprint (auto-registered for non-federation apps) - Per-app first-party session cookies (fixes Safari ITP) - /oauth/authorize endpoint support in URL helpers - account_url() helper + Jinja global - Templates: federation_url('/auth/...') → account_url('/...') - Widget registry: account page links use account_url Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 09:55:27 +00:00
parent 326b380135
commit 46f44f6171
14 changed files with 236 additions and 27 deletions
--- a/services/widget_registry.py
+++ b/services/widget_registry.py
@@ -48,8 +48,8 @@ class _WidgetRegistry:
        slug = w.slug

        def _href(s=slug):
-            from shared.infrastructure.urls import federation_url
-            return federation_url(f"/auth/{s}/")
+            from shared.infrastructure.urls import account_url
+            return account_url(f"/{s}/")

        self._account_nav.append(AccountNavLink(
            label=w.label,