identity
identity copied to clipboard
SSO with a non-trusted client causes a loop
During an SSO init, if an existing oauth dance is going on with an untrusted client, this line will show the authorization page: https://github.com/heroku/identity/blob/master/lib/identity/login_external.rb#L24 Then when 'Authorize' button is hit we redirect back to SSO and get into a loop: https://github.com/heroku/identity/blob/master/lib/identity/auth.rb#L231-L234
/cc @gulopine @heroku/management-experience