Overview: Difficulty entering multiple usernames from OAuth2 flow while preserving context.
I was working to enable multiple username submissions (reset & re-enter) when in OAuth2 flow, while preserving URL params. When entering our oauth2 page, we attempt to auto-submit username (first looking in BrandingSettings/ and then Remember Me). This causes an issue when restarting/resubmitting usernames.
The following is our intended flow:
The problem arises going from step 3-4. It appears once a username is submitted, that initial username becomes associated with the x-flow-state. So when we reach step 4 (using the same query params as the initial redirect), the BrandingSettings/ call will return the initial username. Thus, that username is autosubmitted.
Discussion: Some initial thoughts/questions regarding the matter.
Release : 2.1
VIP Authentication Hub
For authentication flow for different user, sign-in client is expected to call the /authenticate with x-reset-flow:true header.
This is updated in the document and covered here.