We now use authenticationSession instead of clientSession to reflect
the renaming of ClientSessionModel to AuthenticationSessionModel.
Note that this is a breaking change which needs to be mentioned in
the upgrade notes!
Previously the ScriptBasedAuthenticator did not expose the current
clientSession from the AuthenticationFlowContext.
In order to implement client specific authentications with javascript
one needs information about the current client.
Previously ScriptAuthenticator required a user to be authenticated
before it could be used as an additional authentication step which
limited the scenarios the authenticator could be used.
We now allow ScriptAuthenticators to be used without requiring an
user to be authenticated before.
Adapted the authenticator-template.js with a null safe username check.
Note that existing custom ScriptAuthenticators might need some additional
null checks since the user can now be undefined.
Refactored the scripting infrastructure and added documentation.
Added tests and an authenticator template in JavaScript for a quickstart.
Increased height of ace code editor to 600px to avoid scrolling.
