Vishnu Ks 868a763cec auth2: Don't use session for passing multiuse invite key. ...

For Google auth, the multiuse invite key should be stored in the
csrf_state sent to google along with other values like is_signup,
mobile_flow_otp.

For social auth, the multiuse invite key should be passed as params to
the social-auth backend. The passing of the key is handled by
social_auth pipeline and made available to us when the auth is
completed.

2019-02-12 15:51:11 -08:00

33 KiB

Raw Blame History

View Raw