diff options
author | Frédéric Mangano-Tarumi <fmang@mg0.fr> | 2020-07-14 15:34:06 +0200 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2021-02-20 17:24:30 +0100 |
commit | 4bf8228324e4c3811b48069a4b2ae7fd840c78a0 (patch) | |
tree | 7a88e46001d54af7cb7c0ae0aae46ee7cb2b17ee | |
parent | 8d5244d0c0c3b38f29b9b087c5e85082f0bb1f65 (diff) | |
download | aur-4bf8228324e4c3811b48069a4b2ae7fd840c78a0.tar.gz aur-4bf8228324e4c3811b48069a4b2ae7fd840c78a0.tar.xz |
SSO: Explain the rationale behind prompt=login
We might reconsider it in the future.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r-- | aurweb/routers/sso.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py index d0802c34..e1ec7efe 100644 --- a/aurweb/routers/sso.py +++ b/aurweb/routers/sso.py @@ -28,6 +28,13 @@ oauth.register( @router.get("/sso/login") async def login(request: Request): + """ + Redirect the user to the SSO provider’s login page. + + We specify prompt=login to force the user to input their credentials even + if they’re already logged on the SSO. This is less practical, but given AUR + has the potential to impact many users, better safe than sorry. + """ redirect_uri = aurweb.config.get("options", "aur_location") + "/sso/authenticate" return await oauth.sso.authorize_redirect(request, redirect_uri, prompt="login") |