This is problematic for our pre-authorized oauth2 flow for Windmill, because the /o/ route requests aren't made with a bearer token. \
1) Let's make sure we set a session cookie as part of the drf-passwordless flow, possibly when an optional session param is passed in the step 2 request
2) Double-check that the Mission Control login still works
Describe the bug
We use drf-passwordless to trade a two-factor code for a bearer API token.
drf-passwordless doesn't set a session cookie for the user. Example in Django's default
login()
function: https://github.com/django/django/blob/stable/3.2.x/django/contrib/auth/__init__.py#L90This is problematic for our pre-authorized oauth2 flow for Windmill, because the /o/ route requests aren't made with a bearer token. \
1) Let's make sure we set a session cookie as part of the drf-passwordless flow, possibly when an optional
session
param is passed in the step 2 request 2) Double-check that the Mission Control login still works