[Openid-specs-ab] Question re core "prompt=login"
Todd W Lainhart
lainhart at us.ibm.com
Mon Mar 3 18:59:25 UTC 2014
http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
A question came up here regarding whether it is legal/expected to
"switch-user" on the OP when prompt=login is given, and change the
session. The text says this:
    login
        The Authorization Server SHOULD prompt the End-User for reauthentication.
        If it cannot reauthenticate the End-User, it MUST return an error,
        typically login_required.
Some interpret "reauthentication" as validating the logged-in user with a
request for a resubmit of their credentials - others interpret
"reauthentication" as the ability to do an "su". Can someone clarify the
intent?
Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainhart at us.ibm.com