refactor(auth): remove redirect_uri from OAuth flow initiation

Remove redirect_uri parameter from initiate_login_flow, initiate_register_flow, and initiate_link_flow functions.
2026-04-06 23:50:20 +09:30
parent 6325d60097
commit 51b89fb885
2 changed files with 3 additions and 6 deletions
@@ -18,7 +18,6 @@ logger = logging.getLogger(__name__)
@api_v1_bp.route("/auth/external/<provider>/authorize", methods=["GET"])
 def initiate_oauth_authorize(provider: str):
    flow = request.args.get("flow", "login")
-    redirect_uri = request.args.get("redirect_uri")
    organization_id = request.args.get("organization_id")
    oidc_session_id = request.args.get("oidc_session_id")

@@ -29,11 +28,11 @@ def initiate_oauth_authorize(provider: str):
        provider_type = get_provider_type(provider)
        if flow == "login":
            auth_url, state = OAuthFlowService.initiate_login_flow(
-                provider_type=provider_type, organization_id=organization_id, redirect_uri=redirect_uri,
+                provider_type=provider_type, organization_id=organization_id,
            )
        else:
            auth_url, state = OAuthFlowService.initiate_register_flow(
-                provider_type=provider_type, organization_id=organization_id, redirect_uri=redirect_uri,
+                provider_type=provider_type, organization_id=organization_id,
            )

        if oidc_session_id:
@@ -171,13 +171,11 @@ def initiate_link_account(provider: str):

    user_orgs = g.current_user.get_organizations()
    organization_id = user_orgs[0].id if user_orgs else None
-    data = request.json or {}
-    redirect_uri = data.get("redirect_uri")

    try:
        auth_url, state = ExternalAuthService.initiate_link_flow(
            user_id=g.current_user.id, provider_type=provider_type,
-            organization_id=organization_id, redirect_uri=redirect_uri,
+            organization_id=organization_id,
        )
        return api_response(data={"authorization_url": auth_url, "state": state}, message="Link flow initiated. Redirect to authorization URL.")
    except ExternalAuthError as e: