# WebB auth middleware — identical pattern to WebA
def require_auth_webb(request):
    session_id = request.COOKIES.get('session_b')
    session    = redis.get(f"webb:{session_id}") if session_id else None

    if not session:
        state = generate_secure_random(32)
        nonce = generate_secure_random(32)
        redis.setex(f"preauth:webb:{state}", 300, json.dumps({
            'nonce':       nonce,
            'redirect_to': request.path
        }))
        return redirect_to_sso_authorize(
            client_id    = 'web-b-001',
            redirect_uri = 'https://web-b.example.com/auth/callback',
            scope        = 'openid profile email api:resourceB',
            state        = state,
            nonce        = nonce
        )