Implemented Duo, elsewhere.
This appears later on in greater depth, but "continue" responses are "click the button to continue".
Two cases for them:
I streamlined this text slightly and made the header less scary.
Factors may now produce a result directly from the challenge step. This happens when:
Issuing challenges may now find an approval (Duo/push), so an early result doesn't necessarily mean a validity issue anymore.
For hard error results, like "ur duo is v. broken".
Duo needs QR so I lifted this up to the base class.
Both Duo and SMS use this.
Everything that requires you to type something can share this stuff.
Duo is particular about this. /auth_status is a GET request with parameters.
On the one hand this is completely ridicluous, but it doesn't require gd, doesn't have issues with data: URI length, doesn't require a separate <img /> request or a QR endpoint, scales well to different resolutions...
And a QR code is likely never going to have so much data that this completely fails, since phones still have to be able to resolve them with the camera.