[Openid-specs-ab] Using Multiple parameters with prompt request parameter
Thomas Broyer
t.broyer at gmail.com
Mon Aug 22 06:01:18 UTC 2016
"If this parameter contains none with any other value, an error is
returned."
Source: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
Dies that answer your question?
(BTW, the link you used is to an outdated draft; implicit, code and hybrid
specs have been merged into a single core spec a while ago)
Le lun. 22 août 2016 07:45, Hasanthi Purnima Dissanayake via
Openid-specs-ab <openid-specs-ab at lists.openid.net> a écrit :
> Hi All,
> According to the spec [1] we can use space-delimited multiple values for
> prompt request parameter with authorization request.
>
>> prompt OPTIONAL. Space-delimited, case-sensitive list of ASCII string
>> values that specifies whether the Authorization Server prompts the End-User
>> for reauthentication and consent.
>
>
> So if we use an authorization request as below what will be the expected
> behaviour?
>
> https://localhost:XXXX/authorize?response_type=code&client_id=XXX&redirect_uri=https://localhost/callback&scope=openid&consent=none
> login
>
> <https://localhost:9443/oauth2/authorize?response_type=code&client_id=JqB4NGZLMC6L3n4jz094FMls2Joa&redirect_uri=https://localhost/callback&scope=openid&consent=login+consent>
> AFAIU If we use login and consent as the prompt request parameter values
> the login and consent pages should be prompted forcefully. But My concern
> is what will be the default behaviour when we use login and none together
> or consent and none together?
>
> Highly appreciate any clarification on this.
>
> [1] http://openid.net/specs/openid-connect-implicit-1_0.html
>
> Thanks,
>
> Hasanthi Dissanayake
>
> Software Engineer | WSO2
>
> E: hasanthi at wso2.com
> | http://wso2.com <http://wso2.com/>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160822/27a12c8d/attachment.html>
More information about the Openid-specs-ab
mailing list