This repository has been archived on 2026-02-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.

giles de93dfdc73 Device cookie + internal endpoint for auth state detection ...

Each client app sets a persistent first-party device cookie ({app}_did).
On each request:
- Logged in: verify grant via account internal endpoint (cached 60s)
- Not logged in + device cookie: check-device endpoint detects if user
  logged in since last grant revocation → triggers OAuth automatically
No cross-domain cookies. No propagation chain. Each app checks independently.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-23 12:50:43 +00:00

..

__init__.py

feat: extract shared infrastructure from shared_lib

2026-02-11 12:45:56 +00:00

cart_identity.py

feat: extract shared infrastructure from shared_lib

2026-02-11 12:45:56 +00:00

context.py

feat: extract shared infrastructure from shared_lib

2026-02-11 12:45:56 +00:00

factory.py

Device cookie + internal endpoint for auth state detection

2026-02-23 12:50:43 +00:00

http_utils.py

feat: extract shared infrastructure from shared_lib

2026-02-11 12:45:56 +00:00

jinja_setup.py

OAuth SSO infrastructure + account app support

2026-02-23 09:55:27 +00:00

oauth.py

Device cookie + internal endpoint for auth state detection

2026-02-23 12:50:43 +00:00

urls.py

Make account the OAuth authorization server instead of federation

2026-02-23 11:53:34 +00:00

user_loader.py

feat: extract shared infrastructure from shared_lib

2026-02-11 12:45:56 +00:00