SSO: Explain the rationale behind prompt=login

We might reconsider it in the future. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
author: Frédéric Mangano-Tarumi <fmang@mg0.fr> 2020-07-14 15:34:06 +0200
committer: Lukas Fleischer <lfleischer@archlinux.org> 2021-02-20 17:24:30 +0100
commit: 4bf8228324e4c3811b48069a4b2ae7fd840c78a0 (patch)
tree: 7a88e46001d54af7cb7c0ae0aae46ee7cb2b17ee
parent: 8d5244d0c0c3b38f29b9b087c5e85082f0bb1f65 (diff)
download: aur-4bf8228324e4c3811b48069a4b2ae7fd840c78a0.tar.gz
aur-4bf8228324e4c3811b48069a4b2ae7fd840c78a0.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py
index d0802c34..e1ec7efe 100644
--- a/aurweb/routers/sso.py
+++ b/aurweb/routers/sso.py
@@ -28,6 +28,13 @@ oauth.register(
 
 @router.get("/sso/login")
 async def login(request: Request):
+    """
+    Redirect the user to the SSO provider’s login page.
+
+    We specify prompt=login to force the user to input their credentials even
+    if they’re already logged on the SSO. This is less practical, but given AUR
+    has the potential to impact many users, better safe than sorry.
+    """
     redirect_uri = aurweb.config.get("options", "aur_location") + "/sso/authenticate"
     return await oauth.sso.authorize_redirect(request, redirect_uri, prompt="login")
author	Frédéric Mangano-Tarumi <fmang@mg0.fr>	2020-07-14 15:34:06 +0200
committer	Lukas Fleischer <lfleischer@archlinux.org>	2021-02-20 17:24:30 +0100
commit	4bf8228324e4c3811b48069a4b2ae7fd840c78a0 (patch)
tree	7a88e46001d54af7cb7c0ae0aae46ee7cb2b17ee
parent	8d5244d0c0c3b38f29b9b087c5e85082f0bb1f65 (diff)
download	aur-4bf8228324e4c3811b48069a4b2ae7fd840c78a0.tar.gz aur-4bf8228324e4c3811b48069a4b2ae7fd840c78a0.tar.xz