theHub

Welcome, broker. Click below to authenticate. theHub will issue an auth_code and embed LON.

Flow

  1. POST /login authenticates broker (simulated)
  2. theHub generates auth_code (60s TTL, one-time-use)
  3. Cookie set: hub_lon_auth_code=...; Domain=adrielamoguis.com; HttpOnly; Secure; SameSite=None
  4. Page renders iframe to https://lon.adrielamoguis.com/sso
  5. LON server-side reads cookie → POSTs to /lon/token → verifies JWT → creates LON session