VIP AuthHub - Reset/Resubmit username in OAuth2 flow
Article ID: 269216

Products

VIP Authentication Hub

Issue/Introduction

Overview: Difficulty entering multiple usernames from OAuth2 flow while preserving context.

I was working to enable multiple username submissions (reset & re-enter) when in OAuth2 flow, while preserving URL params. When entering our oauth2 page, we attempt to auto-submit username (first looking in BrandingSettings/ and then Remember Me). This causes an issue when restarting/resubmitting usernames.

The following is our intended flow:

  1. SM redirects to AuthHub
    • Enter OAuth2 flow
    • with Context-Specific URL params
  2. Try to submit username via (in respective order):
    1. Identity propagation (BrandingSettings/)
    2. Remember me
    3. Manually entered
  3. Click "Not <username>?" link  
    • Restarting OAuth2 flow
    • Restoring Context-Specific URL params from before
  4. Submit different username (same priority order):
    1. Identity propagation (BrandingSettings/)
    2. Remember me
    3. Manually entered

The problem arises going from step 3 to step 4. It appears that once a username is submitted, that initial username becomes associated with the x-flow-state. So when we reach step 4 (using the same query params as the initial redirect), the BrandingSettings/ call will return the initial username. Thus, that username is auto-submitted.

Discussion: Some initial thoughts/questions regarding the matter.

  • Does the flow (as it is described above) seem to be correct?
  • Is there a way to disassociate the username with the x-flow-state?
  • Is there a better way to reset OAuth2 flow while preserving params?
  • We considered ignoring the BrandingSettings calls on reset flow, but that was deemed a hack


Environment

Release : 2.1

VIP Authentication Hub

Resolution

To start an authentication flow for a different user, the sign-in client is expected to call /authenticate with the header x-reset-flow: true. This tells AuthHub to drop the username bound to the current flow state instead of auto-submitting it again, so the context-specific URL parameters can be reused unchanged.

This is updated in the document and covered here.
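The following is an added illustration of the resolution, not code from VIP Authentication Hub or from the article's author. It shows a sign-in client that captures the context-specific query parameters from the original redirect, resolves the username in the priority order described above, and, when the user clicks "Not <username>?", re-issues the /authenticate call with x-reset-flow: true while restoring those parameters. The /authenticate path and the x-reset-flow header come from the article; the base URL, the JSON request body shape, and sending the flow state as an x-flow-state request header are assumptions made here for the example.

```javascript
// Added example (not AuthHub's own client code). Assumed: request body shape,
// base URL, and that the flow state travels in an x-flow-state request header.
const AUTHENTICATE_PATH = "/authenticate";

// Step 1: capture the context-specific URL params from the SM redirect so they
// can be restored when the flow is restarted (step 3).
function contextParamsFrom(redirectUrl) {
  return Object.fromEntries(new URL(redirectUrl).searchParams.entries());
}

// Step 2/4: resolve the username in the article's priority order:
// identity propagation (BrandingSettings/), then Remember Me, then manual entry.
function resolveUsername({ propagated = null, remembered = null, manual = null }) {
  return propagated || remembered || manual || null;
}

// Build the /authenticate request. `resetFlow` is true only for the retry after
// "Not <username>?": the x-reset-flow header asks AuthHub to discard the username
// bound to the current flow state instead of auto-submitting it again. The
// original context params are restored on every call, reset or not.
function buildAuthenticateRequest({ baseUrl, contextParams, username, flowState, resetFlow = false }) {
  const url = new URL(AUTHENTICATE_PATH, baseUrl);
  for (const [key, value] of Object.entries(contextParams)) {
    url.searchParams.set(key, value);
  }
  const headers = { "content-type": "application/json" };
  if (flowState) headers["x-flow-state"] = flowState; // assumed header name
  if (resetFlow) headers["x-reset-flow"] = "true";     // from the article
  return {
    url: url.toString(),
    method: "POST",
    headers,
    body: JSON.stringify({ username }),
  };
}

// Walk the article's four steps for one flow: the initial submission and the
// restart for a different user. Returns both requests so they can be inspected.
function restartForDifferentUser({ redirectUrl, baseUrl, flowState, firstAttempt, secondAttempt }) {
  const contextParams = contextParamsFrom(redirectUrl);
  const first = buildAuthenticateRequest({
    baseUrl, contextParams, flowState,
    username: resolveUsername(firstAttempt),
    resetFlow: false,
  });
  // Without x-reset-flow the second call would be answered with the username
  // already bound to the flow state; with it, the second candidate is used.
  const second = buildAuthenticateRequest({
    baseUrl, contextParams, flowState,
    username: resolveUsername(secondAttempt),
    resetFlow: true,
  });
  return { first, second };
}

// Constructed sample values for a stand-alone run.
const demo = restartForDifferentUser({
  redirectUrl: "https://authhub.example/oauth2?client_id=app1&state=ctx-123",
  baseUrl: "https://authhub.example",
  flowState: "flow-state-demo",
  firstAttempt: { propagated: "alice" },
  secondAttempt: { propagated: null, remembered: null, manual: "bob" },
});
console.log(JSON.stringify(demo, null, 2));
```

The important detail is that the client keeps the original context parameters on the retry and only changes the headers; the reset is signalled by x-reset-flow rather than by dropping the BrandingSettings/ lookup, which the article's author had already rejected as a hack.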