this could be tricky, but it would be good if, by default, this could be secure against login CSRF. This means CSRF-protecting the /auth call.
this could be tricky, but it would be good if, by default, this could be secure against login CSRF. This means CSRF-protecting the /auth call.