OAuth
obsidian_palace.auth.oauth
OAuth 2.0 token validation middleware.
Validates Google OAuth tokens on incoming requests and restricts access to a single allowed email address (Eli's personal account).
logger = logging.getLogger(__name__)
module-attribute
GOOGLE_USERINFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'
module-attribute
validate_oauth_token(request: Request) -> dict[str, str]
async
Extract and validate the OAuth bearer token from the request.
Calls Google's userinfo endpoint to verify the token and checks that the authenticated email matches the allowed email.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| request | Request | The incoming FastAPI request. | required |
Returns:
| Type | Description |
|---|---|
| dict[str, str] | The Google userinfo payload (email, name, etc.). |
Raises:
| Type | Description |
|---|---|
| HTTPException | If the token is missing, invalid, or the email is not in the allowed list. |
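
A standard-library sketch of the flow documented above, added here as an example and not the obsidian_palace source. `AuthError` stands in for FastAPI's `HTTPException`; `ALLOWED_EMAIL`, `validate_bearer`, the injectable `fetch` parameter, the `email_verified` check, the case-insensitive comparison and the 401/403 split are all assumptions.

```python
import json
import urllib.request

GOOGLE_USERINFO_URL = "https://www.googleapis.com/oauth2/v3/userinfo"
ALLOWED_EMAIL = "owner@example.com"  # constructed placeholder, not the real address


class AuthError(Exception):
    """Hypothetical stand-in for fastapi.HTTPException (status_code + detail)."""

    def __init__(self, status_code: int, detail: str):
        super().__init__(detail)
        self.status_code, self.detail = status_code, detail


def fetch_userinfo(token: str) -> dict:
    """Ask Google who the token belongs to; any failure means unauthenticated."""
    req = urllib.request.Request(
        GOOGLE_USERINFO_URL, headers={"Authorization": f"Bearer {token}"}
    )
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return json.load(resp)
    except (OSError, ValueError) as exc:  # HTTP error, network error, bad JSON
        raise AuthError(401, "Invalid or expired token") from exc


def validate_bearer(authorization, allowed_email=ALLOWED_EMAIL, fetch=fetch_userinfo):
    """Return the userinfo payload, or raise AuthError (401 or 403)."""
    scheme, _, token = (authorization or "").partition(" ")
    token = token.strip()
    # Reject a missing header, a non-Bearer scheme, or a token with embedded spaces.
    if scheme.lower() != "bearer" or not token or " " in token:
        raise AuthError(401, "Missing or malformed bearer token")
    info = fetch(token)
    if not isinstance(info, dict):
        raise AuthError(401, "Unexpected userinfo response")
    email = str(info.get("email", "")).strip().lower()
    # An unverified address is only a claim, so it must not satisfy the allowlist.
    if not email or info.get("email_verified") not in (True, "true"):
        raise AuthError(403, "Email missing or not verified")
    if email != allowed_email.strip().lower():
        raise AuthError(403, "Email not allowed")
    return info
```

Passing a fake `fetch` callable lets the checks be unit-tested without network access.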