Comment 10 for bug 1468422

Bill Erickson (berick) wrote:

Recapping IRC conversation:

We've hit a snag with AuthProxy. When a user authenticates externally, AuthProxy performs a login internally via open-ils.auth to create a login session for the externally-verified user. It does this by pulling the password from the DB and using it to log the user in. In the new world order, the middle layer code cannot access the password and, even if it could, it would not be able to use it, since open-ils.auth needs the real password w/ some md5 hashing, not a bcrypted password.

Proposed solution was to create a new private service which implements the contents of oils_auth.c:oilsAuthHandleLoginOK(). It would take a user (probably by id) and add the user to the auth cache. With this, services besides open-ils.auth can "log in" a user without knowing the user's password. oils_auth.c would be modified to call this new service instead of continuing to use its own implementation to avoid duplication.

In essence, open-ils.auth would be broken up into open-ils.auth and open-ils.auth-internal. AuthProxy would call open-ils.auth-internal to log in externally-verified users.