coop/shared
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make account the OAuth authorization server instead of federation

Browse Source 
All client apps (including federation) now redirect to account for OAuth.
Factory excludes account from OAuth client blueprint registration.
SSO logout chains through account instead of federation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
giles
2026-02-23 11:53:34 +00:00
parent 60cd08adc9
commit dfc41ada7d
3 changed files with 14 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
infrastructure/factory.py
View File

@@ -101,8 +101,9 @@ def create_base_app(
setup_jinja(app)
errors(app)
# Auto-register OAuth client blueprint for non-federation apps
if name != "federation":
# Auto-register OAuth client blueprint for non-account apps
# (account is the OAuth authorization server)
if name != "account":
from shared.infrastructure.oauth import create_oauth_blueprint
app.register_blueprint(create_oauth_blueprint(name))
@@ -122,8 +123,8 @@ def create_base_app(
for fn in before_request_fns:
app.before_request(fn)
# Silent SSO: if federation set sso_hint cookie, trigger OAuth once
if name != "federation":
# Silent SSO: if account set sso_hint cookie, trigger OAuth once
if name != "account":
from urllib.parse import quote as _quote
@app.before_request