Skip to content
  • ale's avatar
    Refactor the login handler · 4d70b167
    ale authored
    The login handler is now a simpler, standalone http.Handler
    wrapper. The separation between the SSO application and the login
    handler is now fairly complete.
    
    The login handler no longer forces the user to a specific workflow via
    session cookies, but it works on a request-by-request basis instead,
    which makes the "back" button works as expected (allowing the user to
    bail out of a broken 2FA process, for example).
    
    Session handling has been simplified as well: there is a single
    session for authentication and login state, which should remove the
    opportunity for session synchronization errors.
    4d70b167