angee.integrate.oauth.flow

Browser redirect-flow orchestration shared by connect and OIDC login.

The single owner of the OAuth/OIDC browser round-trip plumbing: issuing and session-binding single-use state, resolving the proposed redirect, computing the PKCE challenge, and re-loading the enabled OAuthClient named by a pending state. The connect flow (this addon) and the login/link flow (iam_integrate_oidc) both build their start/complete steps on these; only the authorize-URL and claim handling differ between them (OAuth vs OIDC protocol).

issue_flow

```python
def issue_flow(
    request: HttpRequest,
    oauth_client: Any,
    redirect_uri: str,
    *,
    user_id: str | None = None,
    next_path: str = "/",
    flow: state.StateFlow = state.StateFlow.CONNECT,
    integration_id: str = "",
) -> tuple[str, state.StateRecord, str, str]
```

Issue and session-bind state for one redirect flow.

Returns (state_token, record, effective_redirect_uri, mode). The client owns whether the browser-proposed redirect works or a manual paste is needed; the effective redirect is what we issue, sign, and exchange.

remembered_oauth_client

```python
def remembered_oauth_client(request: HttpRequest, state_token: str) -> Any
```

Return the enabled, session-bound OAuth client for one pending state token.

consume_validated_state

```python
def consume_validated_state(
    oauth_client: Any,
    state_token: str,
    redirect_uri: str,
    *,
    expected_flow: state.StateFlow,
) -> state.StateRecord
```

Consume one state record and fail closed when it does not match this flow.

enabled_oauth_client

```python
def enabled_oauth_client(oauth_client_sqid: str) -> Any
```

Return one enabled OAuth client addressed by sqid, or raise.

coerce_next_path

```python
def coerce_next_path(value: str, request: HttpRequest) -> str
```

Return a same-host post-flow redirect path, defaulting unsafe values to /.

pkce_challenge

```python
def pkce_challenge(code_verifier: str | None) -> str | None
```

Return the S256 PKCE challenge for one verifier.

Released under the AGPL-3.0 License.