angee.integrate.oauth.state
Single-use redirect state records stored in Django's cache.
Shared by every browser redirect flow: account-connect (OAuth) and login/link (OIDC). State is keyed on the OAuthClient the picker selected; the OIDC layer loads that client's oidc refinement when completing a login.
StateFlow
python
class StateFlow(StrEnum)Which redirect mutation may consume one state token.
A token minted for a login must not complete a link/connect (and vice versa); the completion path fails closed when the flow does not match, so a leaked state cannot be replayed across flows.
StateRecord
python
@dataclass(frozen=True, slots=True)
class StateRecord()Cached data needed to complete one OAuth/OIDC redirect.
issue
python
def issue(oauth_client: object,
redirect_uri: str,
*,
user_id: str | None = None,
next_path: str = "",
flow: StateFlow = StateFlow.LOGIN,
integration_id: str = "") -> tuple[str, StateRecord]Create and cache one single-use redirect state record.
consume
python
def consume(state_token: str) -> StateRecordReturn and remove one cached state record.