Re: [PATCH 1/4] SSO: Explain the rationale behind prompt=login

[Lukas Fleischer]

On Tue, 14 Jul 2020 at 09:34:06, Frédéric Mangano-Tarumi wrote:
> We might reconsider it in the future.
> ---
>  aurweb/routers/sso.py | 7 +++
>  1 file changed, 7 insertions(+)

Queued all patches in this patch series in pu, thanks Frédéric!

[PATCH 1/4] SSO: Explain the rationale behind prompt=login

[Frédéric Mangano-Tarumi]

We might reconsider it in the future.
---
 aurweb/routers/sso.py | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py
index d0802c34..e1ec7efe 100644
--- a/aurweb/routers/sso.py
+++ b/aurweb/routers/sso.py
@@ -28,6 +28,13 @@ oauth.register(
 
 @router.get("/sso/login")
 async def login(request: Request):
+"""
+Redirect the user to the SSO provider’s login page.
+
+We specify prompt=login to force the user to input their credentials even
+if they’re already logged on the SSO. This is less practical, but given AUR
+has the potential to impact many users, better safe than sorry.
+"""
 redirect_uri = aurweb.config.get("options", "aur_location") + 
"/sso/authenticate"
 return await oauth.sso.authorize_redirect(request, redirect_uri, 
prompt="login")
 
-- 
2.27.0