feat(jans-auth-server): store previous session's acr/data to the new session's context #346
Description
aliaksander-samuseu commented on May 21, 2019
Suggested in ticket 6911 by a partner; adding here per Yuriy's decision. Their original problem was that when an authz request comes in that includes the "prompt=login" parameter, it's impossible to recover the previous session's context from a custom auth script, as the previous session is destroyed before it's executed, and thus it's impossible to learn which acr was associated with that previous session.
Quoting their suggestion:
Would there be a way to retain/upgrade the existing session for an upgrade, such as via parameter in the "init" function of the script or is the session destroyed before that? Would there be a possibility to retain previous session info as previous (not current) session somewhere in the new session authentication processing to make it available once you get to the custom script? The intention is to have a "second factor upgrade/validation" mechanism, which would be very helpful.