[autofix.ci] apply automated fixes

Author: autofix-ci[bot]

scripts/mock_oidc_server.py

@@ -127,7 +127,10 @@ def _b64url(n: int) -> str:
 JWKS = {
     "keys": [
         {
-            "kty": "RSA", "use": "sig", "kid": _KID, "alg": "RS256",
+            "kty": "RSA",
+            "use": "sig",
+            "kid": _KID,
+            "alg": "RS256",
             "n": _b64url(_pub_numbers.n),
             "e": _b64url(_pub_numbers.e),
         }
@@ -274,7 +277,7 @@ async def authorization_submit(
     if not _has_client_access(emp_id, client_id):
         project = client_id.removeprefix("langflow-")
         groups = _get_employee_groups(emp_id)
-        reason = f"소속 그룹 없음" if not groups else f"소속 그룹: {', '.join(groups)}"
+        reason = "소속 그룹 없음" if not groups else f"소속 그룹: {', '.join(groups)}"
         return HTMLResponse(
             _error_page(
                 f"<b>{emp['name']} ({emp_id})</b> 계정은 "
@@ -304,7 +307,9 @@ async def token(
 
     entry = _codes.pop(code, None)
     if not entry:
-        return JSONResponse({"error": "invalid_grant", "error_description": "Code not found or already used"}, status_code=400)
+        return JSONResponse(
+            {"error": "invalid_grant", "error_description": "Code not found or already used"}, status_code=400
+        )
 
     employee_id, issued_client_id = entry
     return {
@@ -318,7 +323,6 @@ async def token(
 @app.get("/admin", include_in_schema=False)
 async def admin_page():
     """Read-only page: employees, groups, and client access."""
-
     # ── Group table ───────────────────────────────────────────────────────
     group_rows = ""
     for gname, g in GROUPS.items():

src/backend/langflow-keycloak-sso/src/langflow_keycloak_sso/keycloak_client.py

@@ -17,9 +17,7 @@ def __init__(self, token_endpoint: str, jwks_uri: str, client_id: str, client_se
         self._client_secret = client_secret
         self._jwks_client = PyJWKClient(jwks_uri)
 
-    async def exchange_code(
-        self, code: str, redirect_uri: str, code_verifier: str | None = None
-    ) -> dict[str, Any]:
+    async def exchange_code(self, code: str, redirect_uri: str, code_verifier: str | None = None) -> dict[str, Any]:
         """Exchange authorization code for tokens. Returns the token response dict."""
         post_data: dict[str, str] = {
             "grant_type": "authorization_code",

src/backend/langflow-keycloak-sso/src/langflow_keycloak_sso/mapping.py

@@ -2,13 +2,12 @@
 
 import secrets
 
-from passlib.context import CryptContext
-from sqlmodel.ext.asyncio.session import AsyncSession
-
 from langflow.initial_setup.setup import get_or_create_default_folder
 from langflow.services.database.models.user.crud import get_user_by_username
 from langflow.services.database.models.user.model import User
 from langflow.services.deps import get_variable_service
+from passlib.context import CryptContext
+from sqlmodel.ext.asyncio.session import AsyncSession
 
 _pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 

src/backend/langflow-keycloak-sso/src/langflow_keycloak_sso/router.py

@@ -6,12 +6,10 @@
 import secrets
 import urllib.parse
 from datetime import datetime, timedelta, timezone
-from typing import Annotated
 
 import jwt as pyjwt
 from fastapi import APIRouter, HTTPException, Request, status
 from fastapi.responses import RedirectResponse
-
 from langflow.api.utils.core import DbSession
 from langflow.services.deps import get_auth_service, get_settings_service
 
@@ -36,9 +34,7 @@ def _get_state_secret() -> str:
 def _generate_pkce() -> tuple[str, str]:
     """Return (code_verifier, code_challenge) for PKCE S256."""
     verifier = base64.urlsafe_b64encode(os.urandom(32)).rstrip(b"=").decode()
-    challenge = base64.urlsafe_b64encode(
-        hashlib.sha256(verifier.encode()).digest()
-    ).rstrip(b"=").decode()
+    challenge = base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
     return verifier, challenge
 
 
@@ -227,7 +223,12 @@ async def keycloak_logout(request: Request):
 
     redirect = RedirectResponse(url="/login", status_code=status.HTTP_302_FOUND)
     for name, httponly, samesite, secure in [
-        ("refresh_token_lf", auth_settings.REFRESH_HTTPONLY, auth_settings.REFRESH_SAME_SITE, auth_settings.REFRESH_SECURE),
+        (
+            "refresh_token_lf",
+            auth_settings.REFRESH_HTTPONLY,
+            auth_settings.REFRESH_SAME_SITE,
+            auth_settings.REFRESH_SECURE,
+        ),
         ("access_token_lf", auth_settings.ACCESS_HTTPONLY, auth_settings.ACCESS_SAME_SITE, auth_settings.ACCESS_SECURE),
         ("apikey_tkn_lflw", auth_settings.ACCESS_HTTPONLY, auth_settings.ACCESS_SAME_SITE, auth_settings.ACCESS_SECURE),
         ("kc_id_token_lf", True, auth_settings.ACCESS_SAME_SITE, auth_settings.ACCESS_SECURE),
@@ -261,9 +262,24 @@ async def keycloak_logout(request: Request):
         redirect = RedirectResponse(url=kc_logout_url, status_code=status.HTTP_302_FOUND)
         # Re-delete the cookies on the new redirect response as well.
         for name, httponly, samesite, secure in [
-            ("refresh_token_lf", auth_settings.REFRESH_HTTPONLY, auth_settings.REFRESH_SAME_SITE, auth_settings.REFRESH_SECURE),
-            ("access_token_lf", auth_settings.ACCESS_HTTPONLY, auth_settings.ACCESS_SAME_SITE, auth_settings.ACCESS_SECURE),
-            ("apikey_tkn_lflw", auth_settings.ACCESS_HTTPONLY, auth_settings.ACCESS_SAME_SITE, auth_settings.ACCESS_SECURE),
+            (
+                "refresh_token_lf",
+                auth_settings.REFRESH_HTTPONLY,
+                auth_settings.REFRESH_SAME_SITE,
+                auth_settings.REFRESH_SECURE,
+            ),
+            (
+                "access_token_lf",
+                auth_settings.ACCESS_HTTPONLY,
+                auth_settings.ACCESS_SAME_SITE,
+                auth_settings.ACCESS_SECURE,
+            ),
+            (
+                "apikey_tkn_lflw",
+                auth_settings.ACCESS_HTTPONLY,
+                auth_settings.ACCESS_SAME_SITE,
+                auth_settings.ACCESS_SECURE,
+            ),
             ("kc_id_token_lf", True, auth_settings.ACCESS_SAME_SITE, auth_settings.ACCESS_SECURE),
         ]:
             redirect.delete_cookie(