feat: restrict Gitea OIDC to activity users

2026-06-03 22:16:02 +02:00
parent 1d3c25f855
commit 5bef06b5d2
1 changed files with 4 additions and 0 deletions
@@ -112,6 +112,10 @@ async def authorize(
            status_code=302,
        )

+    # Per-client access control
+    if client_id == "gitea" and not user.activity_access:
+        return _err("access_denied", "Gitea access is restricted to activity users")
+
    # Issue authorization code
    code = create_oauth2_code(
        deps._get_db(),