youngkingdom/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-27 12:26:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
eb5ef3dba5d3548d4ba3ee357ce9e717a493e79b
dify/api/controllers/oauth_device_sso.py
GareArc 2a38df2b7f refactor(api): consolidate openapi/oauth_device into per-domain modules 
Match the existing api-group convention: one module per resource family
with multiple Resource classes per file (cf service_api/dataset/dataset.py
with 7 routes, console/auth/oauth_device.py with 2 before this branch).

The Phase B-D fragmentation (one file per route under
controllers/openapi/oauth_device/) was inconsistent with the codebase.
Collapse into:

  controllers/openapi/oauth_device.py        (5 routes: code, token,
                                              lookup, approve, deny —
                                              account branch)
  controllers/openapi/oauth_device_sso.py    (4 routes: sso-initiate,
                                              sso-complete,
                                              approval-context,
                                              approve-external —
                                              EE-only SSO branch)

The split mirrors the original pre-migration layout: account branch in
console/auth/oauth_device.py, SSO branch in controllers/oauth_device_sso.py
(root). Both legacy mount files updated to import from the new modules.

No behavior change; 59 tests still green. Test files updated to import
from the consolidated module paths.

Plan: docs/superpowers/plans/2026-04-26-openapi-migration.md (in difyctl repo).
2026-04-27 00:07:15 -07:00

51 lines
1.4 KiB
Python
Raw Blame History

"""Legacy /v1/* mounts for SSO-branch device-flow endpoints. Canonical
handlers live in controllers/openapi/oauth_device_sso.py. This file
just re-registers them on the legacy blueprint until Phase F retires
the legacy paths entirely.
Note: /v1/device/sso-complete (no /oauth/ in the path) is the existing
ACS callback. Its canonical home is /openapi/v1/oauth/device/sso-complete.
IdP-side ACS callback URLs need re-registration before Phase F.
"""
from __future__ import annotations
from flask import Blueprint
from controllers.openapi.oauth_device_sso import (
approval_context,
approve_external,
sso_complete,
sso_initiate,
)
from libs.device_flow_security import attach_anti_framing
bp = Blueprint("oauth_device_sso", __name__, url_prefix="/v1")
attach_anti_framing(bp)
# Legacy /v1/* mounts — handlers live in controllers/openapi/oauth_device_sso.py.
# Removed in Phase F.
bp.add_url_rule(
"/oauth/device/sso-initiate",
endpoint="sso_initiate",
view_func=sso_initiate,
methods=["GET"],
)
bp.add_url_rule(
"/device/sso-complete",
endpoint="sso_complete",
view_func=sso_complete,
methods=["GET"],
)
bp.add_url_rule(
"/oauth/device/approval-context",
endpoint="approval_context",
view_func=approval_context,
methods=["GET"],
)
bp.add_url_rule(
"/oauth/device/approve-external",
endpoint="approve_external",
view_func=approve_external,
methods=["POST"],
)
Reference in New Issue View Git Blame Copy Permalink