[Openid-specs-ab] What error should be returned when prompt=none used and the user is not logged in?
Vladimir Dzhuvinov / NimbusDS
vladimir at nimbusds.com
Thu Oct 10 06:26:40 UTC 2013
Hi Torsten, hi guys.
I was also wondering what the actual relation of "interaction_required"
to "login_required" and "consent_required" actually is. Is it an error
that catches both conditions?
Vladimir
On Sat, 2013-10-05 at 10:12 +0200, Torsten Lodderstedt wrote:
> Hi Mike,
>
> what about "interaction_required"? That's what our OP responds with in
> that case. It covers two use cases, login required as well as consent
> required.
>
> regards,
> Torsten.
>
> Am 03.10.2013 02:46, schrieb Mike Jones:
>
> > Thanks – we’ll go with login_required then. How about the other
> > question “What error should be returned when prompt=none and no
> > id_token_hint is present and is required?” Is invalid_request good
> > for that, as far as you’re concerned?
> >
> >
> >
> > -- Mike
> >
> >
> >
> > From: Breno de Medeiros [mailto:breno at google.com]
> > Sent: Wednesday, October 02, 2013 5:43 PM
> > To: Mike Jones
> > Cc: openid-specs-ab at lists.openid.net; Naveen Agarwal
> > Subject: RE: What error should be returned when prompt=none used and
> > the user is not logged in?
> >
> >
> >
> > On Oct 2, 2013 12:30 PM, "Mike Jones" <Michael.Jones at microsoft.com>
> > wrote:
> >
> > If the user isn’t logged in, how can you issue an ID Token?
> >
> >
> >
> >
> >
> > Sorry, I lost context, I thought the question was about
> > prompt=login, but it it about prompt=none.
> >
> >
> >
> >
> >
> > Today Google's IDP returns 'error=immediate_failed". It should be
> > possible to return login_required instead.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > From: Breno de Medeiros [mailto:breno at google.com]
> > Sent: Wednesday, October 02, 2013 12:27 PM
> > To: Mike Jones
> > Cc: openid-specs-ab at lists.openid.net; Naveen Agarwal
> > Subject: RE: What error should be returned when prompt=none
> > used and the user is not logged in?
> >
> >
> >
> > There is no need for an error. We issue a regular assertion
> > w/o a reauth clause.
> >
> > On Oct 2, 2013 12:21 PM, "Mike Jones"
> > <Michael.Jones at microsoft.com> wrote:
> >
> > What error do you return in this case?
> >
> > -----Original Message-----
> > From: Breno de Medeiros [mailto:breno at google.com]
> > Sent: Wednesday, October 02, 2013 12:16 PM
> > To: Mike Jones
> > Cc: Naveen Agarwal; openid-specs-ab at lists.openid.net
> > Subject: Re: What error should be returned when prompt=none
> > used and the user is not logged in?
> >
> > I am unaware of implementations of login_required.
> >
> > On Wed, Oct 2, 2013 at 12:00 PM, Mike Jones
> > <Michael.Jones at microsoft.com> wrote:
> > > Googlers, can you be sure to reply to this thread?
> > >
> > >
> > >
> > >
> > > Thanks,
> > >
> > >
> > --
> > > Mike
> > >
> > >
> > >
> > > From: openid-specs-ab-bounces at lists.openid.net
> > > [mailto:openid-specs-ab-bounces at lists.openid.net] On
> > Behalf Of Mike
> > > Jones
> > > Sent: Wednesday, October 02, 2013 11:36 AM
> > > To: openid-specs-ab at lists.openid.net
> > > Subject: [Openid-specs-ab] What error should be returned
> > when
> > > prompt=none used and the user is not logged in?
> > >
> > >
> > >
> > > login_required?
> > >
> > >
> > >
> > > What are implementations in production use returning in
> > this case?
> > >
> > >
> > >
> > >
> > --
> > > Mike
> > >
> > >
> >
> >
> >
> > --
> > --Breno
> >
> >
> >
> >
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131010/72e709f5/attachment.bin>
More information about the Openid-specs-ab
mailing list