Auth flow fixes (#82)

* preliminary fixes to broken auth flow

* fix some auth/cookie weirdness

* fmt

internal/api/client/auth/auth.go

@@ -36,8 +36,26 @@ const (
 	OauthTokenPath = "/oauth/token"
 	// OauthAuthorizePath is the API path for authorization requests (eg., authorize this app to act on my behalf as a user)
 	OauthAuthorizePath = "/oauth/authorize"
+
+	sessionUserID       = "userid"
+	sessionClientID     = "client_id"
+	sessionRedirectURI  = "redirect_uri"
+	sessionForceLogin   = "force_login"
+	sessionResponseType = "response_type"
+	sessionCode         = "code"
+	sessionScope        = "scope"
 )
 
+var sessionKeys []string = []string{
+	sessionUserID,
+	sessionClientID,
+	sessionRedirectURI,
+	sessionForceLogin,
+	sessionResponseType,
+	sessionCode,
+	sessionScope,
+}
+
 // Module implements the ClientAPIModule interface for
 type Module struct {
 	config *config.Config