[PATCH 1/4] SSO: Explain the rationale behind prompt=login
Frédéric Mangano-Tarumi
fmang at mg0.fr
Tue Jul 14 13:34:06 UTC 2020
We might reconsider it in the future.
---
aurweb/routers/sso.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py
index d0802c34..e1ec7efe 100644
--- a/aurweb/routers/sso.py
+++ b/aurweb/routers/sso.py
@@ -28,6 +28,13 @@ oauth.register(
@router.get("/sso/login")
async def login(request: Request):
+ """
+ Redirect the user to the SSO provider’s login page.
+
+ We specify prompt=login to force the user to input their credentials even
+ if they’re already logged on the SSO. This is less practical, but given AUR
+ has the potential to impact many users, better safe than sorry.
+ """
redirect_uri = aurweb.config.get("options", "aur_location") + "/sso/authenticate"
return await oauth.sso.authorize_redirect(request, redirect_uri, prompt="login")
--
2.27.0
More information about the aur-dev
mailing list