Expand description
Persistent OAuth state stores (SQLite + Postgres).
State tokens are short-lived (10 min) and single-use. Persisting them to durable storage lets the OAuth flow survive a server restart that happens between the user clicking “Sign in with Google” and the provider redirecting back. Schema carries the callback / error_callback URLs (validated against PYLON_TRUSTED_ORIGINS at create time) so the callback handler doesn’t need any env var to know where to redirect after success or failure.
Cleanup happens lazily — when take() finds an expired token it
returns None and the row sticks around until VACUUM. At the
volumes OAuth flows actually generate this is never a problem.