I'm working on a 3rd-party Auth plugin (WS-Federation), and can't figure out how to intercept the response.
I have an auth.php with a class which extends auth_plugin_base and defines functions pre_loginpage_hook and loginpage_hook.
This causes a redirect to the 3rd party auth server. After successfully authenticating on the 3rd party server, it causes a POST back to mydomain.com/login/ with a couple of parameters I can use to validate the response.
I'm not sure how to intercept that POST to /login/. Can the code go in auth.php? Does the POST need to go to a different URL which I create a new page for?