feature: FGI-1574 add connected account support by sam-muncke · Pull Request #67 · auth0/auth0-fastapi

sam-muncke · 2025-11-06T15:58:05Z

Changes

This change adds support for the new Connected Accounts flow.

Adds a new config values:
-- mount_connected_account_routes - Adds the /auth/connect route and allows /auth/callback to handle the connected account callback
Adds /auth/connect route to initiate connected account flow
Modifies /auth/callback to handle connected account callback to complete the flow if the connect_code param is present

Note: This change depends on the functionality in [this PR]:auth0/auth0-server-python#57 and requires a version bump to auth0-server-python lib.

References

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

This change adds unit test coverage
This change adds integration test coverage
This change has been tested on the latest version of the platform/language or why not

Checklist

I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors

adamjmcgrath · 2025-11-07T13:08:51Z

+
            # Extract the returnTo URL from the appState if available.
-            return_to = session_data.get("app_state", {}).get("returnTo")
+            return_to = app_state.get("returnTo")


Not the fault of this PR, but this SDK should have something like this https://github.com/auth0/nextjs-auth0/blob/main/EXAMPLES.md#oncallback-hook - otherwise the api response gets lost

Yeh I struggled with what to do after completion. I thought this was the best option for expediency to get something functional for the GA date as there's not actually a lot thats useful in the response. This SDK is pretty bare feature wise though compared to the JS SDK. I can add something like this in in a follow up PR

sam-muncke · 2025-11-07T15:23:07Z

@claude

github-actions · 2025-11-07T15:23:33Z

Claude finished @sam-muncke's task —— View job

Code Review Complete

Read PR diff and understand changes
Read project context
Perform code quality review
Perform security review
Perform performance review
Provide inline feedback on specific issues
Provide overall assessment

Overall Assessment

❌ This PR has critical security and correctness issues that must be addressed before merging. The most significant concern is an open redirect vulnerability in the callback handler where the returnTo parameter is not validated. Additionally, there are incorrect type annotations and docstrings that will cause confusion and potential runtime errors.

Job Run | Branch

… mutually exclusive with legacy connect behaviour

kishore7snehil

LGTM!

sam-muncke added 2 commits November 6, 2025 15:55

Basic support for connected accounts/mrrt

2b7603d

Fix linting issues

f77aa7e

sam-muncke mentioned this pull request Nov 6, 2025

feat: FGI-1573 add connected account support auth0/auth0-server-python#57

Merged

6 tasks

sam-muncke added 3 commits November 6, 2025 21:14

Pass returnUrl in app_state

e4e8d74

Fix lint issues

e24ee17

Add some authclient tests

aaddd31

adamjmcgrath reviewed Nov 7, 2025

View reviewed changes