public void authenticate(HttpListenerRequest req, HttpListenerResponse res, HTTPSession session)
{
// use the session object to store state between requests
session["nonce"] = RandomString();
session["state"] = RandomString();
// TODO make authentication request
// TODO insert the redirect URL
string login_url = null;
res.Redirect(login_url);
res.Close();
}