Due to the CSRF protection being turned on/recommended, I can’t seem to figure out how to trigger an auth flow automatically (when someone accesses a url that’s protected). If I have a login link/button with a post action, it works fine, but I can’t seem to trigger it when someone goes to a protected url (i.e. http://some.domain/app).
Is this possible without removing CSRF protection and not having another page with a login button? I’d prefer the user experience of automatically triggering the flow.