Consider unification of ANONYMOUS_SESSION_CREATED and LOGIN_SUCCESS in audit log

[ateska]

These are basically the same events.

[byewokko]

LOGIN_SUCCESS relates to user authentication and to the creation of a new root session. there is also AUTHORIZE_SUCCESS, which relates to authorization (at /oauth/authorize endpoint) and to the creation of a new client subsession. ANONYMOUS_SESSION_CREATED is somewhere in between, but imo closer to authorization since it's basically authorization without proper authentication.

i suggest replacing the above with these two events:

• AUTHENTICATION_SUCCESS - successful login and creation of a new root session.
• AUTHORIZATION_SUCCESS - successful authorization and creation of a new client session. If the session is anonymous, anonymous=True is added to the audit event.

[ateska]

Ok, I agree.