Open baszoetekouw opened 1 year ago
@baszoetekouw It would really help if we make a sequence-diagram / overview of the different login types and statuses and possible outcomes. It is now not clear to me which combination of login_type and status to use in some of the different flows.
blocked by #883
When logging in to SBS test using the SURFnet Acc IdP (with SSID SFO), the login turns up 4 times in the user_logins table:
This is probably caused by the SFO login:
- proxy_authz request with SBS OIDC client id (APP-B799ADC6-EA57-4383-B493-27FB03D9195F), SBS tells EduTEAM to redirect to SFO endpoint
- proxy_authz request
It probably makes sense to log all those 4 steps, but we should make clear in the table which one denotes the actual successful login.
So I propose the following:
- status (or something like that) which for (failed) proxy_authz requests records the return status (SECOND_FA_REQUIRED, AUP_NOT_AGREED, etc)
- login_type (e.g., sbs_mfa, sbs_mfa_ssid, sbs_aup).
In that way, a user logging in would still give 4 entries in the table, but only 1 will have type sbs_login.