Refactor the login handler (!6) · Merge requests · id / go-sso

ale requested to merge better-login into master Dec 15, 2019

The login handler is now a simpler, standalone http.Handler wrapper. The separation between the SSO application and the login handler is now fairly complete.

The login handler no longer forces the user to a specific workflow via session cookies, but it works on a request-by-request basis instead, which makes the "back" button works as expected (allowing the user to bail out of a broken 2FA process, for example).

Session handling has been simplified as well: there is a single session for authentication and login state, which should remove the opportunity for session synchronization errors.

Edited Dec 19, 2019 by ale

Refactor the login handler

Merge request reports