fix: set auth cookie during oauth login

e011e7b6 · Jun Siang Cheah · 416e8d1e · e011e7b6
Commit e011e7b6 authored Jun 21, 2024 by Jun Siang Cheah
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

backend/main.py backend/main.py +8 -1

No files found.
--- a/backend/main.py
+++ b/backend/main.py
@@ -1870,7 +1870,7 @@ async def oauth_login(provider: str, request: Request):
 @app.get("/oauth/{provider}/callback")
-async def oauth_callback(provider: str, request: Request):
+async def oauth_callback(provider: str, request: Request, response: Response):
    if provider not in OAUTH_PROVIDERS:
        raise HTTPException(404)
    client = oauth.create_client(provider)
@@ -1953,6 +1953,13 @@ async def oauth_callback(provider: str, request: Request):
        expires_delta=parse_duration(webui_app.state.config.JWT_EXPIRES_IN),
    )
+    # Set the cookie token
+    response.set_cookie(
+        key="token",
+        value=token,
+        httponly=True,  # Ensures the cookie is not accessible via JavaScript
+    )
    # Redirect back to the frontend with the JWT token
    redirect_url = f"{request.base_url}auth#token={jwt_token}"
    return RedirectResponse(url=redirect_url)