-
ale authored
The login handler is now a simpler, standalone http.Handler wrapper. The separation between the SSO application and the login handler is now fairly complete. The login handler no longer forces the user to a specific workflow via session cookies, but it works on a request-by-request basis instead, which makes the "back" button works as expected (allowing the user to bail out of a broken 2FA process, for example). Session handling has been simplified as well: there is a single session for authentication and login state, which should remove the opportunity for session synchronization errors.
4d70b167
This project is licensed under the GNU General Public License v3.0 only.
Learn more