VIP AuthHub - Reset/Resubmit username in OAuth2 flow
search cancel

VIP AuthHub - Reset/Resubmit username in OAuth2 flow


Article ID: 269216


Updated On:


VIP Authentication Hub


Overview: Difficulty entering multiple usernames from OAuth2 flow while preserving context. 

I was working to enable multiple username submissions (reset & re-enter) when in OAuth2 flow, while preserving URL params. When entering our oauth2 page, we attempt to auto-submit username (first looking in BrandingSettings/ and then Remember Me). This causes an issue when restarting/resubmitting usernames.

The following is our intended flow:

  1. SM redirects to AuthHub
    • Enter OAuth2 flow
    • with Context-Specific URL params
  2. Try to submit username via (in respective order):
    1. Identity propagation (BrandingSettings/)
    2. Remember me
    3. Manually entered
  3. Click "Not <username>?" link  
    • Restarting OAuth2 flow
    • Restoring Context-Specific URL params from before
  4. Submit different username (same priority order):
    1. Identity propagation (BrandingSettings/)
    2. Remember me
    3. Manually enetered

The problem arises going from step 3-4. It appears once a username is submitted, that initial username becomes associated with the x-flow-state. So when we reach step 4 (using the same query params as the initial redirect), the BrandingSettings/ call will return the initial username. Thus, that username is autosubmitted.

Discussion: Some initial thoughts/questions regarding the matter.

  • Does the flow (as it is described above) seem to be correct?
  • Is there a way to disassociate the username with the x-flow-state?
  • Is there a better way to reset OAuth2 flow while preserving params?
  • We considered ignoring the BrandingSettings calls on reset flow, but that was deemed a hack



Release : 2.1

VIP Authentication Hub


For authentication flow for different user, sign-in client is expected to call the /authenticate with x-reset-flow:true header.

This is updated in the document and covered here.