MCPcopy
hub / github.com/AgentOps-AI/agentops / auth_callback

Function auth_callback

app/api/agentops/auth/views.py:257–293  ·  view source on GitHub ↗

Serves the authentication callback page, which captures the tokens from the URL hash and forwards them to our auth_session endpoint. This view just serves the HTML page, which is a simple JavaScript app that captures the tokens from the URL hash and forwards them to our auth_sessio

(request: Request)

Source from the content-addressed store, hash-verified

255
256@public_route
257async def auth_callback(request: Request) -> HTMLResponse:
258 """
259 Serves the authentication callback page, which captures the tokens from the URL hash
260 and forwards them to our auth_session endpoint.
261
262 This view just serves the HTML page, which is a simple JavaScript app that
263 captures the tokens from the URL hash and forwards them to our auth_session endpoint.
264 """
265 # Content Security Policy headers prevent any scripts from running on the page,
266 # except those with the correct nonce
267 nonce = base64.b64encode(os.urandom(32)).decode('utf-8')
268 headers = {
269 'Content-Security-Policy': f"script-src 'nonce-{nonce}'",
270 'Referrer-Policy': 'no-referrer',
271 }
272
273 # Check if there's a redirect_to parameter in the query string
274 redirect_to = request.query_params.get('redirect_to')
275
276 # If no explicit redirect_to, check for invite parameter to construct the redirect
277 if not redirect_to:
278 invite_org_id = request.query_params.get('invite')
279 if invite_org_id:
280 redirect_to = f"{APP_URL}/settings/organization?invite={invite_org_id}"
281 else:
282 redirect_to = DASHBOARD_URL
283
284 # Ensure the redirect URL is to our app domain for security
285 if not redirect_to.startswith(APP_URL):
286 redirect_to = DASHBOARD_URL
287
288 template = templates.get_template('auth_callback.html')
289 content = template.render(
290 nonce=nonce, auth_session_url=reverse_path('auth_session'), dashboard_url=redirect_to
291 )
292
293 return HTMLResponse(content=content, headers=headers)
294
295
296def _create_session_for_response(response: Response, access_token: str) -> Response:

Callers

nothing calls this directly

Calls 3

reverse_pathFunction · 0.90
decodeMethod · 0.80
getMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…