my GSOC student again has some issue with hidden magic in Plone PAS.
We POST from a custom login form our Webauthn credentials to /Plone/login
Our authenticateCredentials() implementation returns the tuple (user_id, user_id).
Expectation: PlonePAS should redirect to the welcome page and have the user authenticated
But we don't see any redirection. The POST request no impact the browser. Anything missing here?
PAS validation happens on every request, so if necessary you can create a custom view that does the same post-login actions as the login form (if using the login form is cumbersome).
There is also the Products.PluggableAuthService.interfaces.events.IUserLoggedInEvent where you could register an event listener and implement a redirection.
Notifying the UserLoggedInEvent is one of the things that is done by the login form (well, the login form calls membership_tool.loginUser(self.request) which does it. It is not raised by PAS, as far as I know.