There must be an authorization endpoint which explicitly connects a user session with an existing system user or anonymous if none exists.
There must be an authorization endpoint which explicitly connects a user session with an existing system user or anonymous if none exists.