Haufe-Lexware / wicked.haufe.io

An API Management system based on Mashape Kong
http://wicked.haufe.io

Protected auth methods are displayed in the public login page of wicked itself #210

Closed DonMartin76 closed 5 years ago

DonMartin76 commented 5 years ago

See also #172 and #198 for context.

Protected auth methods which are also used for logging in to wicked are displayed in the public login page.

This should not be the case. It should be possible to use them, but they should not be freely displayed.

Only if the login page is displayed using a `?auth_method=<...>`, the auth method is actually displayed. In case this auth method was used before, it will continue to be displayed; to achieve this behaviour, it is stored as a cookie.
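The selection rule described in this issue, as an added example that is not wicked's own code: protected methods stay hidden unless named by `?auth_method=` or remembered in a cookie, and both client-supplied values are checked against the configured list before anything is shown. The field names (`name`, `enabled`, `protected`), the cookie name and the sample methods are assumptions made for this sketch.

```javascript
// Added illustration, not taken from the wicked code base.
// Field names and the cookie name below are hypothetical.
const REVEAL_COOKIE = 'revealed_auth_method';

// Constructed sample configuration.
const SAMPLE_METHODS = [
  { name: 'local', enabled: true, protected: false },
  { name: 'github', enabled: true, protected: false },
  { name: 'corp-adfs', enabled: true, protected: true },
  { name: 'partner-saml', enabled: true, protected: true },
  { name: 'legacy-ldap', enabled: false, protected: true },
];

// Parse a Cookie header into a prototype-less map; malformed pairs are skipped.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 1) continue;
    const key = part.slice(0, idx).trim();
    try {
      out[key] = decodeURIComponent(part.slice(idx + 1).trim());
    } catch (e) { /* undecodable value: ignore this cookie */ }
  }
  return out;
}

// Decide which methods the login page renders and whether to set the cookie.
function selectLoginMethods(methods, query, cookieHeader) {
  const enabled = methods.filter((m) => m.enabled);
  // Only an exact match on an enabled, protected method counts; arrays
  // (repeated query parameters) and unknown names are rejected.
  const isProtected = (n) =>
    typeof n === 'string' && enabled.some((m) => m.protected && m.name === n);
  const requested = query.auth_method;
  const remembered = parseCookies(cookieHeader)[REVEAL_COOKIE];
  // The query parameter wins; otherwise fall back to the remembered method.
  const revealed = isProtected(requested) ? requested
    : isProtected(remembered) ? remembered : null;
  const visible = enabled
    .filter((m) => !m.protected || m.name === revealed)
    .map((m) => m.name);
  const setCookie = isProtected(requested)
    ? `${REVEAL_COOKIE}=${encodeURIComponent(requested)}; Path=/; HttpOnly; Secure; SameSite=Lax`
    : null;
  return { visible, setCookie };
}
```

Hiding a method from the page only affects what is displayed, as the issue states; anyone who knows a method's name can still request it, so the method's own authentication remains the control.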