// nevisProxy replaces the entire AUTH: scope when new outargs are returned by nevisAuth.
// Thus, we have to store tokens in the session (as a String) and restore them on subsequent step-ups.

// restore tokens
session.each { key, value ->
    if (key.startsWith('outarg.token.')) {
        def name = key.substring(7)
        if (outargs.containsKey(name)) {
            LOG.debug("not restoring token (outarg: $name) from session: outarg already set")
        }
        else {
            LOG.debug("restoring token (outarg: $name) from session")
            outargs.put(name, value)
        }
    }
}

// store tokens
outargs.each { name, value ->
    if (name.startsWith('token.')) {
        session.put('outarg.' + name, value)
    }
}