From 9a637c6227e5238ea9539801f9f7d01e97b53872 Mon Sep 17 00:00:00 2001
From: giles <giles.bradshaw@sigyl.com>
Date: Mon, 23 Feb 2026 12:21:14 +0000
Subject: [PATCH] sso-clear returns 204 for iframe-based logout

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 infrastructure/oauth.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/infrastructure/oauth.py b/infrastructure/oauth.py
index 61bdb14..cd20d0b 100644
--- a/infrastructure/oauth.py
+++ b/infrastructure/oauth.py
@@ -132,11 +132,10 @@ def create_oauth_blueprint(app_name: str) -> Blueprint:
     @bp.get("/sso-clear")
     @bp.get("/sso-clear/")
     async def sso_clear():
-        """Clear local session, then redirect to next app in logout chain."""
+        """Clear local session. Called via hidden iframe from account logout."""
         qsession.pop(SESSION_USER_KEY, None)
         qsession.pop("cart_sid", None)
-        next_url = request.args.get("next", "/")
-        return redirect(next_url)
+        return "", 204
 
     @bp.post("/logout")
     @bp.post("/logout/")