[Openid-specs-ab] What error should be returned when prompt=none used and the user is not logged in?
Torsten Lodderstedt
torsten at lodderstedt.net
Sat Oct 5 08:12:13 UTC 2013
Hi Mike,
what about "interaction_required"? That's what our OP responds with in
that case. It covers two use cases, login required as well as consent
required.
regards,
Torsten.
Am 03.10.2013 02:46, schrieb Mike Jones:
>
> Thanks -- we'll go with login_required then. How about the other
> question "What error should be returned when prompt=none and no
> id_token_hint is present and is required?" Is invalid_request good
> for that, as far as you're concerned?
>
> -- Mike
>
> *From:*Breno de Medeiros [mailto:breno at google.com]
> *Sent:* Wednesday, October 02, 2013 5:43 PM
> *To:* Mike Jones
> *Cc:* openid-specs-ab at lists.openid.net; Naveen Agarwal
> *Subject:* RE: What error should be returned when prompt=none used and
> the user is not logged in?
>
> On Oct 2, 2013 12:30 PM, "Mike Jones" <Michael.Jones at microsoft.com
> <mailto:Michael.Jones at microsoft.com>> wrote:
>
> If the user isn't logged in, how can you issue an ID Token?
>
> Sorry, I lost context, I thought the question was about prompt=login,
> but it it about prompt=none.
>
> Today Google's IDP returns 'error=immediate_failed". It should be
> possible to return login_required instead.
>
> *From:*Breno de Medeiros [mailto:breno at google.com
> <mailto:breno at google.com>]
> *Sent:* Wednesday, October 02, 2013 12:27 PM
> *To:* Mike Jones
> *Cc:* openid-specs-ab at lists.openid.net
> <mailto:openid-specs-ab at lists.openid.net>; Naveen Agarwal
> *Subject:* RE: What error should be returned when prompt=none used
> and the user is not logged in?
>
> There is no need for an error. We issue a regular assertion w/o a
> reauth clause.
>
> On Oct 2, 2013 12:21 PM, "Mike Jones" <Michael.Jones at microsoft.com
> <mailto:Michael.Jones at microsoft.com>> wrote:
>
> What error do you return in this case?
>
> -----Original Message-----
> From: Breno de Medeiros [mailto:breno at google.com
> <mailto:breno at google.com>]
> Sent: Wednesday, October 02, 2013 12:16 PM
> To: Mike Jones
> Cc: Naveen Agarwal; openid-specs-ab at lists.openid.net
> <mailto:openid-specs-ab at lists.openid.net>
> Subject: Re: What error should be returned when prompt=none used
> and the user is not logged in?
>
> I am unaware of implementations of login_required.
>
> On Wed, Oct 2, 2013 at 12:00 PM, Mike Jones
> <Michael.Jones at microsoft.com <mailto:Michael.Jones at microsoft.com>>
> wrote:
> > Googlers, can you be sure to reply to this thread?
> >
> >
> >
> >
> > Thanks,
> >
> > --
> > Mike
> >
> >
> >
> > From: openid-specs-ab-bounces at lists.openid.net
> <mailto:openid-specs-ab-bounces at lists.openid.net>
> > [mailto:openid-specs-ab-bounces at lists.openid.net
> <mailto:openid-specs-ab-bounces at lists.openid.net>] On Behalf Of Mike
> > Jones
> > Sent: Wednesday, October 02, 2013 11:36 AM
> > To: openid-specs-ab at lists.openid.net
> <mailto:openid-specs-ab at lists.openid.net>
> > Subject: [Openid-specs-ab] What error should be returned when
> > prompt=none used and the user is not logged in?
> >
> >
> >
> > login_required?
> >
> >
> >
> > What are implementations in production use returning in this case?
> >
> >
> >
> > --
> > Mike
> >
> >
>
>
>
> --
> --Breno
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131005/37e99e8c/attachment.html>
More information about the Openid-specs-ab
mailing list