[Openid-specs-ab] Behaviour of OIDC 'prompt=none' when logged in
Hasanthi Purnima Dissanayake
hasanthi at wso2.com
Mon Jul 18 11:34:03 UTC 2016
According to the spec, when prompt=none the result should be as below.
> The Authorization Server MUST NOT display any authentication or consent
> user interface pages. An error is returned if an End-User is not already
> authenticated or the Client does not have pre-configured consent for the
> requested Claims or does not fulfill other conditions for processing the
If we consider a scenario like
1. User sends authorization request without any prompt value to the IS
2. Server gives the login page
3. User provides credentials
4. Authentication successful and server returns consent page
5. User provides consent as 'Approve'
6. User sends an authorization request with prompt=none
So do we consider this consent which we have set in the same session as a
pre-configured consent or do we need to return an error with
consent-required error code?
Software Engineer | WSO2
E: hasanthi at wso2.com
M: 0718407133 | http://wso2.com
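The scenario in the message above, replayed against a minimal in-memory authorization server. This is an added example, not part of the original post and not WSO2 Identity Server code; it assumes the server persists the approval from step 5 and treats it as existing consent (one possible reading of the question), and the class, function names, client and URLs are hypothetical.

```python
from dataclasses import dataclass, field
from urllib.parse import urlencode

@dataclass
class AuthzServer:
    consents: dict = field(default_factory=dict)  # (subject, client_id) -> approved scopes
    sessions: dict = field(default_factory=dict)  # session id -> authenticated subject

    def approve(self, sid, client_id, scopes):
        """Step 5: record the consent given on the consent page (assumed persisted)."""
        sub = self.sessions[sid]
        self.consents.setdefault((sub, client_id), set()).update(scopes)

    def authorize(self, sid, client_id, redirect_uri, scope, state, prompt=None):
        """Return the next action: a UI page name or a redirect URL.
        Assumes redirect_uri was already validated against the client's registration."""
        requested = set(scope.split())
        sub = self.sessions.get(sid)
        granted = self.consents.get((sub, client_id), set())
        if prompt == "none":
            # No UI may be shown: every unmet condition becomes an error redirect.
            if sub is None:
                return _redirect(redirect_uri, error="login_required", state=state)
            if not requested <= granted:
                return _redirect(redirect_uri, error="consent_required", state=state)
            return _redirect(redirect_uri, code="CONSTRUCTED_CODE", state=state)
        if sub is None:
            return "login_page"
        if not requested <= granted:
            return "consent_page"
        return _redirect(redirect_uri, code="CONSTRUCTED_CODE", state=state)

def _redirect(redirect_uri, **params):
    return redirect_uri + "?" + urlencode(params)

def run_scenario():
    """Replay steps 1-6 of the message and return each server response."""
    srv = AuthzServer()
    args = ("sid-1", "client-a", "https://client.example/cb", "openid profile", "xyz")
    out = [srv.authorize(*args)]                     # steps 1-2: login page
    srv.sessions["sid-1"] = "alice"                  # step 3: credentials accepted
    out.append(srv.authorize(*args))                 # step 4: consent page
    srv.approve("sid-1", "client-a", {"openid", "profile"})  # step 5: 'Approve'
    out.append(srv.authorize(*args, prompt="none"))  # step 6: prompt=none
    # Same session, but a scope that was never approved in step 5
    out.append(srv.authorize("sid-1", "client-a", args[2], "openid email", "xyz", prompt="none"))
    return out
```

Under the stated assumption, step 6 succeeds without UI, while a prompt=none request for a scope outside the stored approval returns `consent_required` even though the session is still authenticated.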