You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OAuth PKCE external frontend support: Session cookie wire format bumped to v4 with a new return_to field. External frontends can pass _vgi_return_to query parameter to receive auth tokens via URL fragment redirect instead of cookies.
Bug fix: Fixed session cookie cleanup path mismatch in the external redirect branch — the cookie path now correctly matches where it was set ({prefix}/_oauth/), ensuring browsers actually delete it.
Lint fixes: Sorted __slots__, import ordering, and indentation cleanup.
