hjess/tink-demo
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Wiki Activity

fix: guard against duplicate callback — skip token exchange if already stored
All checks were successful
Build and Deploy / deploy (push) Successful in 37s
Details

Browse Source
This commit is contained in:
Henrik Jess Nielsen
2026-05-23 01:06:45 +02:00
parent ba38cb1e47
commit c3bc6a48a0
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/routes/demo.py
View File

@@ -402,6 +402,11 @@ async def tink_callback(request: Request, code: Optional[str] = None,
print(f"[CALLBACK] Tink returned error: {error}") print(f"[CALLBACK] Tink returned error: {error}")
return RedirectResponse(f"/demo/step/3?error={error}") return RedirectResponse(f"/demo/step/3?error={error}")
if code: if code:
# Guard: if we already have a user_token for this session, the code was
# already exchanged (duplicate callback from Traefik during rolling deploy).
if _load_token(sess, "user_token"):
print(f"[CALLBACK] Already have user_token — skipping duplicate exchange")
return RedirectResponse("/demo/step/3?cb_success=1", status_code=303)
try: try:
s = get_settings() s = get_settings()
print(f"[CALLBACK] Exchanging code, redirect_uri={s.tink_redirect_uri!r}") print(f"[CALLBACK] Exchanging code, redirect_uri={s.tink_redirect_uri!r}")