From d0a5170cd9d27210840255e283c4fa89f9c5fad5 Mon Sep 17 00:00:00 2001
From: giles <giles.bradshaw@sigyl.com>
Date: Mon, 23 Feb 2026 11:15:14 +0000
Subject: [PATCH] Fix logout: redirect to blog home to avoid re-auth loop

Account's / requires login, so redirecting there after logout
triggers silent OAuth re-authentication. Blog home is safe.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 infrastructure/oauth.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/infrastructure/oauth.py b/infrastructure/oauth.py
index 56062ce..d105ec0 100644
--- a/infrastructure/oauth.py
+++ b/infrastructure/oauth.py
@@ -125,6 +125,8 @@ def create_oauth_blueprint(app_name: str) -> Blueprint:
     async def logout():
         qsession.pop(SESSION_USER_KEY, None)
         qsession.pop("cart_sid", None)
-        return redirect("/")
+        # Redirect to blog home — avoids re-auth loop on apps that require login
+        from shared.infrastructure.urls import blog_url
+        return redirect(blog_url("/"))
 
     return bp