IdP callback landing — issues session and redirects to SPA
Auth
Validates the HMAC-signed state (from the mnemom_sso_initiator cookie), consumes the single-use nonce, exchanges the PKCE code, enforces domain + org binding, performs SSO identity linking (T3-2c), and issues mnemom_session via a 302 to the SPA’s redirect_after path.
GET
Query Parameters
Response
Session issued. Redirects to the SPA.
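The state validation, nonce consumption and redirect_after check described above, as an added example that is not the service's own code. The state format (base64url JSON, a dot, then an HMAC-SHA256 tag), the `nonce` and `exp` field names, the comparison of a `state` query parameter against the cookie value, the key and the in-memory nonce set are all assumptions; the PKCE exchange, domain and org binding, and identity linking are not shown.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: server-side HMAC key (constructed value)
_used_nonces = set()           # assumption: stands in for a shared single-use nonce store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _tag(body: str) -> str:
    return _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())

def sign_state(payload: dict) -> str:
    """Assumed state format: base64url(JSON) + "." + base64url(HMAC-SHA256)."""
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    return f"{body}.{_tag(body)}"

def verify_callback(state_param: str, cookie_state: str, now=None) -> str:
    """Return the vetted redirect_after path, or raise ValueError."""
    now = time.time() if now is None else now
    # Assumption: the state query parameter must match the initiator cookie,
    # which ties the callback to the browser that started the login.
    if not hmac.compare_digest(state_param.encode(), cookie_state.encode()):
        raise ValueError("state mismatch")
    body, _, tag = cookie_state.partition(".")
    # Constant-time tag check before any parsing of the payload.
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        raise ValueError("bad signature")
    payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if payload["exp"] < now:
        raise ValueError("expired")
    # Consume the nonce: a second callback with the same state is a replay.
    if payload["nonce"] in _used_nonces:
        raise ValueError("replayed")
    _used_nonces.add(payload["nonce"])
    # Only same-origin absolute paths; "//host" and backslashes can leave the SPA origin.
    path = payload.get("redirect_after", "/")
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        raise ValueError("unsafe redirect")
    return path
```

In a multi-instance deployment the nonce check and insert have to be a single atomic operation in the shared store, otherwise two concurrent callbacks can both pass.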