- OAuthGrant model tracks each client authorization, tied to the account session (issuer_session) that issued it
- OAuth authorize creates grant + code together
- Client apps store grant_token in session, verify via account's internal /auth/internal/verify-grant endpoint (Redis-cached 60s)
- Account logout revokes only grants from that device's session
- Replaces iframe-based logout with server-side grant revocation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
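
The following is an added example, not code from this commit or its project: a small in-memory model of the grant lifecycle described above, showing how a 60-second verification cache delays the effect of a logout unless the cached entry is evicted on revocation. The class and function names, the dict standing in for Redis, and the assumption that the revoking side can reach the cache are all hypothetical.

```python
import secrets

CACHE_TTL = 60  # seconds, the cache lifetime the commit message states


class GrantStore:
    """In-memory stand-in for the account service (hypothetical names)."""

    def __init__(self, evict_on_revoke):
        self.grants = {}   # grant_token -> grant record
        self.cache = {}    # grant_token -> (is_valid, expires_at); stands in for Redis
        self.evict_on_revoke = evict_on_revoke

    def authorize(self, issuer_session, client_id):
        """Create the grant and the authorization code together."""
        token, code = secrets.token_urlsafe(32), secrets.token_urlsafe(16)
        self.grants[token] = {"issuer_session": issuer_session,
                              "client_id": client_id, "revoked": False}
        return token, code

    def verify_grant(self, token, now):
        """What a client app's verify call would return at time `now`."""
        hit = self.cache.get(token)
        if hit and hit[1] > now:
            return hit[0]                      # served from cache, may be stale
        grant = self.grants.get(token)
        valid = grant is not None and not grant["revoked"]
        self.cache[token] = (valid, now + CACHE_TTL)
        return valid

    def logout(self, session):
        """Revoke only the grants issued by this device's session."""
        for token, grant in self.grants.items():
            if grant["issuer_session"] == session:
                grant["revoked"] = True
                if self.evict_on_revoke:
                    self.cache.pop(token, None)


def revocation_lag(evict_on_revoke):
    """Return (other_device_ok, valid_right_after_logout, valid_after_ttl)."""
    store = GrantStore(evict_on_revoke)
    laptop, _ = store.authorize("session-laptop", "app-a")   # constructed sample data
    phone, _ = store.authorize("session-phone", "app-a")
    store.verify_grant(laptop, now=0)       # warms the cache
    store.verify_grant(phone, now=0)
    store.logout("session-laptop")
    return (store.verify_grant(phone, now=1),
            store.verify_grant(laptop, now=1),
            store.verify_grant(laptop, now=CACHE_TTL + 1))
```

With `evict_on_revoke=False` the revoked grant still verifies until its cache entry expires; with `True` it fails on the next check, while the other device's grant stays valid in both cases.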