angee.iam_integrate_oidc.signals
Sign-in safety guard wired when the OIDC login addon is installed.
integrate owns account disconnect generically and knows nothing about login. This addon adds the one login rule it must respect: a user who can only sign in through OIDC may not delete their last sign-in credential. It enforces that with a pre_delete veto on the credential, so the generic disconnect path surfaces it as a typed error rather than stranding the user.
connect
def connect() -> None
Wire the last-sign-in guard onto the concrete credential model.
Deferred via lazy_model_operation so it binds whenever the concrete integrate.Credential becomes available — at app population in the composed runtime, or later (e.g. test-defined models) in a bare settings module.
guard_last_sign_in
def guard_last_sign_in(sender: Any, instance: Any, **kwargs: Any) -> None
Veto deleting a user's last OIDC sign-in credential.