When the app opens pycon.org pages (sprint submission, open space submission), users have to log in again on the website even if they're already authenticated in the app.
Proposed solution: add a one-time token endpoint to pycon-site that accepts the app's API credentials and returns a short-lived token. The app opens the target URL with the token, which auto-authenticates and redirects.
Requires server-side work on pycon-site (new endpoint, token model, expiry/single-use logic).
When the app opens pycon.org pages (sprint submission, open space submission), users have to log in again on the website even if they're already authenticated in the app.
Proposed solution: add a one-time token endpoint to pycon-site that accepts the app's API credentials and returns a short-lived token. The app opens the target URL with the token, which auto-authenticates and redirects.
Requires server-side work on pycon-site (new endpoint, token model, expiry/single-use logic).