[Feature Request] Allow passing a post-authentication callable to OIDCAuth

[DrGFreeman]

The OIDCAuth class and group-based features added in 2.3.0 are great!

It would be useful for the OIDCAuth class to take a callable that is executed at the end of the OIDCAuth.callback method just before the redirect. This function would take the access token as single positional argument and have access to the session global, e.g.:

from dash import Dash
from dash_auth import OIDCAuth
from flask import session

def add_scopes_to_user(token):
    if scope := token.get("scope"):
        session["user"]["scopes"] = scope.split()

app = Dash(__name__)

auth = OIDCAuth(
    app,
    secret_key="aStaticSecretKey!",
    post_auth_callback=add_scopes_to_user,  # defaults to None
)

This feature would provide a lot of flexibility to app developers for different use cases:

• storage of additional fields from the token in the session (example above),
• add a user to the DB if not already existing,
• custom logging,
• etc.

I can submit a PR if this is a feature the maintainers would consider merging.

[FrancisRalph]

This would be very useful. Currently my workaround is to override the OIDCAuth:

class OIDCAuthCustom(OIDCAuth):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)

    def callback(self, idp: str):
        return_value = super().callback(idp)

        client = self.get_oauth_client(idp)
        userinfo = client.userinfo()
        # ...

        return return_value

[georgewayne]

@FrancisRalph - brilliant! thx.

[olivier-lacroix]

I believe https://github.com/plotly/dash-auth/pull/156 has closed this issue @alexcjohnson ?