Skip to content

angee.iam_integrate_oidc.schema

GraphQL surface for the OIDC login addon.

OIDC, end to end: the public login/link redirect flow + login-provider picker. It extends integrate's OAuth (the substrate types, the OAuth protocol, the browser-flow plumbing) and composes the iam session — connect-for-API and the OAuth base stay in integrate and never reference any of this.

AvailableConnection

python
@strawberry.type
class AvailableConnection(ConnectableAccount)

Picker-safe OAuth client fields for the public OIDC login picker.

is_oidc

python
@strawberry.field
def is_oidc() -> bool

Return whether this connection can run OIDC login/link flows (always true here).

LoginCompletePayload

python
@strawberry.type
class LoginCompletePayload()

Result returned by OIDC login completion.

LinkAccountResult

python
@strawberry.type
class LinkAccountResult()

Result returned by OIDC account-link completion.

OidcLoginQuery

python
@strawberry.type
class OidcLoginQuery()

Public picker of login-capable OIDC providers.

OidcLoginMutation

python
@strawberry.type
class OidcLoginMutation()

OIDC login and authenticated account-link mutations.

login_start

python
@strawberry.mutation
def login_start(info: strawberry.Info,
                oauth_client_sqid: str,
                redirect_uri: str,
                next: str = "/") -> OAuthStartPayload

Start an OIDC login flow for an enabled login-capable OAuth client.

login_complete

python
@strawberry.mutation
def login_complete(info: strawberry.Info, code: str, state: str,
                   redirect_uri: str) -> LoginCompletePayload

Complete an OIDC login flow and bind the user to the session.

python
@strawberry.mutation
def link_account_start(info: strawberry.Info,
                       oauth_client_sqid: str,
                       redirect_uri: str,
                       next: str = "/") -> OAuthStartPayload

Start an authenticated OIDC account-link flow.

python
@strawberry.mutation
def link_account_complete(info: strawberry.Info, code: str, state: str,
                          redirect_uri: str) -> LinkAccountResult

Complete an authenticated OIDC account-link flow.

OAuthClientOidcExtension

python
@strawberry_django.type(OAuthClient, name="OAuthClientType", extend=True)
class OAuthClientOidcExtension()

Contributes OIDC login fields onto integrate's OAuthClientType.

The composer has already folded the model extension into the runtime OAuthClient class, so these fields read as native scalar fields.

allowed_email_domains

python
@strawberry_django.field(only=["allowed_email_domains"])
def allowed_email_domains() -> list[str]

Return the login domain allow-list.

schemas

GraphQL contributions installed by the OIDC login addon.

Released under the AGPL-3.0 License.