angee.iam_integrate_oidc.signals

Sign-in safety guard wired when the OIDC login addon is installed.

integrate owns account disconnect generically and knows nothing about login. This addon adds the one login rule it must respect: a user who can only sign in through OIDC may not delete their last sign-in credential. It enforces that with a pre_delete veto on the credential, so the generic disconnect path surfaces it as a typed error rather than stranding the user.

connect

```python
def connect() -> None
```

Wire the last-sign-in guard onto the concrete credential model.

Deferred via lazy_model_operation so it binds whenever the concrete integrate.Credential becomes available — at app population in the composed runtime, or later (e.g. test-defined models) in a bare settings module.

guard_last_sign_in

```python
def guard_last_sign_in(sender: Any, instance: Any, **kwargs: Any) -> None
```

Veto deleting a user's last OIDC sign-in credential.

Released under the AGPL-3.0 License.