lizardsystem / lizard-auth-server

Django backend for the old SSO server
http://lizard-auth-server.readthedocs.io/
MIT License

A user arriving at the SSO server after being redirected there can now #30

Closed remcogerlich closed 8 years ago

remcogerlich commented 8 years ago

use a "return_unauthorized" URL attribute. If the user is already logged in on the SSO server, redirects are set up so that he will be logged in on the site he was redirected from.

If he is not, then if return_unauthorized is False (the default, and the old behaviour), then he will be forced to log in before being redirected back.

If return_unauthorized is True, redirect the user back without logging in (to lizard-auth-client's /sso/local_not_logged_in/ URL).

This enables an "attempt to auto-login if possible, but don't require it" workflow that is sometimes helpful.

reinout commented 8 years ago

I would do the naming the other way around. The regular behaviour is the current behaviour, so that is not the exception. And "force login" sounds too much like an exception to me.

Better: only_attempt_login or something like that.

remcogerlich commented 8 years ago

I have reversed the naming. It is now 'return_unauthorized', and it only does that when it is True (the default is False).

ernstkui commented 8 years ago

@reinout Can this still go in?

reinout commented 8 years ago

See https://github.com/lizardsystem/lizard-auth-client/pull/30, it belongs with that one. That one does still need to get tests first.

coveralls commented 8 years ago


Coverage decreased (-0.07%) to 56.112% when pulling 22e05565687e36ba1056d775be202fe54be65326 on remco-attempt-autologin into 12ec955e57ab101dfb3de44bba80906b55a62c36 on master.

reinout commented 8 years ago

I still think we need to do something about the naming of the parameter, but that can be handled separately.