angee.iam_integrate_oidc.schema
GraphQL surface for the OIDC login addon.
OIDC, end to end: the public login/link redirect flow + login-provider picker. It extends integrate's OAuth (the substrate types, the OAuth protocol, the browser-flow plumbing) and composes the iam session — connect-for-API and the OAuth base stay in integrate and never reference any of this.
AvailableConnection
@strawberry.type
class AvailableConnection(ConnectableAccount)Picker-safe OAuth client fields for the public OIDC login picker.
is_oidc
@strawberry.field
def is_oidc() -> boolReturn whether this connection can run OIDC login/link flows (always true here).
LoginCompletePayload
@strawberry.type
class LoginCompletePayload()Result returned by OIDC login completion.
LinkAccountResult
@strawberry.type
class LinkAccountResult()Result returned by OIDC account-link completion.
OidcLoginQuery
@strawberry.type
class OidcLoginQuery()Public picker of login-capable OIDC providers.
OidcLoginMutation
@strawberry.type
class OidcLoginMutation()OIDC login and authenticated account-link mutations.
login_start
@strawberry.mutation
def login_start(info: strawberry.Info,
oauth_client_sqid: str,
redirect_uri: str,
next: str = "/") -> OAuthStartPayloadStart an OIDC login flow for an enabled login-capable OAuth client.
login_complete
@strawberry.mutation
def login_complete(info: strawberry.Info, code: str, state: str,
redirect_uri: str) -> LoginCompletePayloadComplete an OIDC login flow and bind the user to the session.
link_account_start
@strawberry.mutation
def link_account_start(info: strawberry.Info,
oauth_client_sqid: str,
redirect_uri: str,
next: str = "/") -> OAuthStartPayloadStart an authenticated OIDC account-link flow.
link_account_complete
@strawberry.mutation
def link_account_complete(info: strawberry.Info, code: str, state: str,
redirect_uri: str) -> LinkAccountResultComplete an authenticated OIDC account-link flow.
OAuthClientOidcExtension
@strawberry_django.type(OAuthClient, name="OAuthClientType", extend=True)
class OAuthClientOidcExtension()Contributes OIDC login fields onto integrate's OAuthClientType.
The composer has already folded the model extension into the runtime OAuthClient class, so these fields read as native scalar fields.
allowed_email_domains
@strawberry_django.field(only=["allowed_email_domains"])
def allowed_email_domains() -> list[str]Return the login domain allow-list.
schemas
GraphQL contributions installed by the OIDC login addon.