[Openid-specs-ab] What error should be returned when prompt=none used and the user is not logged in?

Vladimir Dzhuvinov / NimbusDS vladimir at nimbusds.com
Thu Oct 10 06:26:40 UTC 2013


Hi Torsten, hi guys.

I was also wondering what the actual relation of "interaction_required"
to "login_required" and "consent_required" actually is. Is it an error
that catches both conditions? 

Vladimir


On Sat, 2013-10-05 at 10:12 +0200, Torsten Lodderstedt wrote:
> Hi Mike,
> 
> what about "interaction_required"? That's what our OP responds with in
> that case. It covers two use cases, login required as well as consent
> required.
> 
> regards,
> Torsten.
> 
> Am 03.10.2013 02:46, schrieb Mike Jones:
> 
> > Thanks – we’ll go with login_required then.  How about the other
> > question “What error should be returned when prompt=none and no
> > id_token_hint is present and is required?”  Is invalid_request good
> > for that, as far as you’re concerned?
> > 
> >  
> > 
> >                                                             -- Mike
> > 
> >  
> > 
> > From: Breno de Medeiros [mailto:breno at google.com] 
> > Sent: Wednesday, October 02, 2013 5:43 PM
> > To: Mike Jones
> > Cc: openid-specs-ab at lists.openid.net; Naveen Agarwal
> > Subject: RE: What error should be returned when prompt=none used and
> > the user is not logged in?
> > 
> >  
> > 
> > On Oct 2, 2013 12:30 PM, "Mike Jones" <Michael.Jones at microsoft.com>
> > wrote:
> > 
> > If the user isn’t logged in, how can you issue an ID Token?
> > 
> > 
> >  
> > 
> > 
> > Sorry, I lost context, I thought the question was about
> > prompt=login, but it it about prompt=none.
> > 
> > 
> >  
> > 
> > 
> > Today Google's IDP returns 'error=immediate_failed". It should be
> > possible to return login_required instead.
> > 
> > 
> >  
> > 
> > 
> >  
> > 
> > 
> >  
> > 
> > 
> >          
> >         
> >         From: Breno de Medeiros [mailto:breno at google.com] 
> >         Sent: Wednesday, October 02, 2013 12:27 PM
> >         To: Mike Jones
> >         Cc: openid-specs-ab at lists.openid.net; Naveen Agarwal
> >         Subject: RE: What error should be returned when prompt=none
> >         used and the user is not logged in?
> >         
> >          
> >         
> >         There is no need for an error. We issue a regular assertion
> >         w/o a reauth clause.
> >         
> >         On Oct 2, 2013 12:21 PM, "Mike Jones"
> >         <Michael.Jones at microsoft.com> wrote:
> >         
> >         What error do you return in this case?
> >         
> >         -----Original Message-----
> >         From: Breno de Medeiros [mailto:breno at google.com]
> >         Sent: Wednesday, October 02, 2013 12:16 PM
> >         To: Mike Jones
> >         Cc: Naveen Agarwal; openid-specs-ab at lists.openid.net
> >         Subject: Re: What error should be returned when prompt=none
> >         used and the user is not logged in?
> >         
> >         I am unaware of implementations of login_required.
> >         
> >         On Wed, Oct 2, 2013 at 12:00 PM, Mike Jones
> >         <Michael.Jones at microsoft.com> wrote:
> >         > Googlers, can you be sure to reply to this thread?
> >         >
> >         >
> >         >
> >         >
> >         > Thanks,
> >         >
> >         >
> >         --
> >         > Mike
> >         >
> >         >
> >         >
> >         > From: openid-specs-ab-bounces at lists.openid.net
> >         > [mailto:openid-specs-ab-bounces at lists.openid.net] On
> >         Behalf Of Mike
> >         > Jones
> >         > Sent: Wednesday, October 02, 2013 11:36 AM
> >         > To: openid-specs-ab at lists.openid.net
> >         > Subject: [Openid-specs-ab] What error should be returned
> >         when
> >         > prompt=none used and the user is not logged in?
> >         >
> >         >
> >         >
> >         > login_required?
> >         >
> >         >
> >         >
> >         > What are implementations in production use returning in
> >         this case?
> >         >
> >         >
> >         >
> >         >
> >         --
> >         > Mike
> >         >
> >         >
> >         
> >         
> >         
> >         --
> >         --Breno
> >         
> >         
> > 
> > 
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131010/72e709f5/attachment.bin>


More information about the Openid-specs-ab mailing list