Silent SSO via sso_hint cookie
- Federation sets sso_hint=1 on .rose-ash.com after magic link login
- Client apps: before_request checks sso_hint, triggers silent OAuth once per session (sso_checked flag prevents loops)
- Logout clears sso_hint cookie on all apps

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -125,8 +125,10 @@ def create_oauth_blueprint(app_name: str) -> Blueprint:
async def logout():
qsession.pop(SESSION_USER_KEY, None)
qsession.pop("cart_sid", None)
# Redirect to blog home — avoids re-auth loop on apps that require login
qsession.pop("sso_checked", None)
from shared.infrastructure.urls import blog_url
return redirect(blog_url("/"))
resp = redirect(blog_url("/"))
resp.delete_cookie("sso_hint", domain=".rose-ash.com", path="/")
return resp
return bp
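Review bot: The `delete_cookie("sso_hint", domain=".rose-ash.com", path="/")` call hardcodes the cookie domain inside the shared `create_oauth_blueprint`, and a browser only discards a cookie when the name, domain and path of the deletion match the ones it was set with. If the federation side sets `sso_hint` with a different domain or path, or this blueprint is served from another host, logout leaves the hint in place and, per the commit message, the next `before_request` check starts silent OAuth and signs the user straight back in. Suggest taking the domain from the same config value or constant that the code setting the cookie uses, so the two cannot drift apart. Smaller point: `qsession.pop("sso_checked", None)` now sits between the "Redirect to blog home" comment and the redirect it describes; moving it up beside the other `qsession.pop` calls keeps that comment attached to the right statement.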