Skip to content

Canonicalize identifier-step endpoint across dashboard and hosted login (/begin vs /preflight) #233

Description

@ahmetabdullahgultekin

Login surfaces still diverge at the identifier step: dashboard LoginPage calls /auth/login/begin (opens an MFA session, touches lockout) while hosted LoginMfaFlow calls /auth/login/preflight for the lone-password engine-ON case (no session, no lockout). Recommendation: canonicalize on /auth/login/preflight at the identifier step, creating the session at the first real factor submit. Session/lockout semantics decision — owner sign-off needed. (Source: docs/archive/LOGIN_PARITY_2026-06-01.md — only remaining 'STILL DIVERGENT' row; confirmed on HEAD in AuthRepository.ts:116/153 + LoginMfaFlow.tsx.)

Metadata

Metadata

Assignees

No one assigned

    Labels

    decision/recommend-firstOwner decision needed before action (design/destructive)surface/webweb-app (React dashboard + hosted login)

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions