It's still quessionable but maybe it will be better to use just cgi instead of json-rpc and rpcd.
We may still create ubus session in hook.
The reason to do this is because if we want to support a form/post flow we anyway have to use a plain cgi to read POST params. But it anayway is not used by main auth providers.
Another reason is to be able to use cgi-oauth on termux or other platforms that doesn't have rpcd anyway.
But then it still must be some session implementation
It's still quessionable but maybe it will be better to use just cgi instead of json-rpc and rpcd.
We may still create ubus session in hook.
The reason to do this is because if we want to support a form/post flow we anyway have to use a plain cgi to read POST params. But it anayway is not used by main auth providers.
Another reason is to be able to use cgi-oauth on termux or other platforms that doesn't have rpcd anyway.
But then it still must be some session implementation