switch bugcrowd auth to Okta IDX flow

Bugcrowd moved back to Okta for authentication. This restores and
updates the Okta IDX login flow (introspect → identify → password
challenge → OTP challenge → token redirect) with fixes for the
new redirect chain through /auth/set-session.

Also adds session keepalive, cookie dedup, and updates --token
flag to use _bugcrowd_session cookie.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: sw33tLie

README.md

@@ -115,7 +115,7 @@ Alternatively, you can provide credentials directly via command-line flags when
 | Command | Flag | Description |
 | --- | --- | --- |
 | `poll h1` | `--user`, `--token` | Your HackerOne username and API token. |
-| `poll bc` | `--token` | A live `_crowdcontrol_session_key` cookie. Use as an alternative to email/pass/otp. |
+| `poll bc` | `--token` | A live `_bugcrowd_session` cookie value. Use as an alternative to email/pass/otp. |
 | | `--email`, `--password`, `--otp-secret` | Your Bugcrowd login credentials. |
 | `poll it` | `--token` | Your Intigriti authorization token (Bearer). |
 | `poll ywh` | `--token` | A live YesWeHack bearer token. Use as an alternative to email/pass/otp. |
@@ -360,7 +360,7 @@ bbscope poll h1 --user "your_user" --token "your_token"
 
 ```bash
 # Using session token
-bbscope poll bc --token "your_crowdcontrol_session_key"
+bbscope poll bc --token "your_bugcrowd_session_cookie"
 
 # Using credentials
 bbscope poll bc --email "..." --password "..." --otp-secret "..."

cmd/poll_bc.go

@@ -45,7 +45,7 @@ var pollBcCmd = &cobra.Command{
 func init() {
 	pollCmd.AddCommand(pollBcCmd)
 	pollBcCmd.Flags().BoolP("public-only", "", false, "Fetch only public programs without authentication")
-	pollBcCmd.Flags().StringP("token", "t", "", "Bugcrowd _crowdcontrol_session_key cookie value")
+	pollBcCmd.Flags().StringP("token", "t", "", "Bugcrowd _bugcrowd_session cookie value")
 	pollBcCmd.Flags().StringP("email", "E", "", "Bugcrowd login email")
 	pollBcCmd.Flags().StringP("password", "P", "", "Bugcrowd login password")
 	pollBcCmd.Flags().StringP("otp-secret", "O", "", "Bugcrowd TOTP secret (base32)")

docs/src/platforms/bugcrowd.md

@@ -23,10 +23,10 @@ bbscope poll bc --email you@example.com --password pass --otp-secret SECRET
 
 ### 2. Token authentication
 
-Use a session token directly:
+Use a `_bugcrowd_session` cookie value directly (grab it from your browser's DevTools):
 
 ```bash
-bbscope poll bc --token "your_session_token"
+bbscope poll bc --token "your_bugcrowd_session_cookie"
 ```
 
 ### 3. Public-only mode (no auth)