Here we are at that foreboding Oracle stored procedure with a dozen
p_get_app_conns. But that is not what is notable about this procedure. Rather, the internal workings are what we need to give attention to. However, even those are familiar.
If we pass SSO, then we deal with two-factor authentication. If the user did not submit a two-factor code, we call the
f_send_2_factor function, passing our validated user name and the
application_id in order to create, distribute and cache (store in a table) a two-factor code for this user in this application.
However, if the user did submit a two-factor authentication code, then we call the
f_is_cur_cached_cd function, ...