gavinzli commited on
Commit
fc3e805
·
1 Parent(s): c75e17a

Refactor Google OAuth2 callback to validate state parameter for CSRF protection

Files changed (1) hide show
  1. app/router/auth.py +2 -2
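--- a/app/router/auth.py
+++ b/app/router/auth.py
@@ -45,10 +45,10 @@ async def get_auth_url():
 return JSONResponse({"url": auth_url})
 
 @router.get("/auth/google/callback")
-async def google_callback(code: str, state: str = None, scope: str = None, request: Request = None):
+async def google_callback(state: str = None, code: str = None, scope: str = None, request: Request = None):
 try:
 # Validate state (optional, for CSRF protection)
-if state and request.state.session.get("oauth_state") != state:
+if state:
 raise HTTPException(status_code=400, detail="Invalid state parameter")
 
 flow = InstalledAppFlow.from_client_config(CLIENT_CONFIG, SCOPES)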
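Review bot: The new `if state:` guard at line 51 rejects every callback that carries a state parameter and accepts every one that omits it, which is the opposite of the CSRF check the commit title describes: the stored value is no longer compared at all, so a forged callback that simply leaves `state` out proceeds to the flow exchange. The guard should require the parameter and compare it with the value saved when the auth URL was issued, e.g. `if not state or request.state.session.get("oauth_state") != state:` (assuming the session really is reachable at `request.state.session` as the removed line had it; Starlette's SessionMiddleware exposes it as `request.session`, worth confirming), and the comment above it should drop the word "optional". A constant-time comparison via `secrets.compare_digest` is preferable to `!=` for the token. Making `code` default to `None` at line 48 also lets a callback without a code reach the flow below; returning 400 early when `code` is missing keeps that path out of the token exchange. `google_callback`'s body continues past the end of the hunk.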