[Openid-specs-ab] Submission: prompt=create draft spec
nov matake
nov at matake.jp
Fri Feb 1 04:21:50 UTC 2019
�One more feedback from one of my clients.
The user could have authenticated session between IdP when prompt=create is sent.
In that case, can IdP show signup page with “or continue as Nov” link?
(I think it’s also up to IdP policy though.)
nov
> On Feb 1, 2019, at 12:43, nov matake <nov at matake.jp> wrote:
>
> The behavior could be same, if IdP can return code after signup flow in same browser session.
>
> Plus, the prompt handling is up to IdP’s policy.
> Showing login page w/o signup link also OK if it’s IdP’s decision.
> If RP wants to refuse it, RP would need a way to know signup datetime in userinfo response etc.
>
> Sent from my iPhone
>
> On Feb 1, 2019, at 12:15, Brock Allen <brockallen at gmail.com <mailto:brockallen at gmail.com>> wrote:
>
>> > So that, allowing "prompt=create login” seems meaningful to me.
>>
>> So then how's this different than the OP just letting the user click on a "register" button from the login page? IOW, wouldn't "create" be implied?
>>
>> BTW, it might sound like I'm against this new prompt param -- I'm not. I am just trying to get it straight in my mind.
>>
>> -Brock
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190201/be445964/attachment.html>
More information about the Openid-specs-ab
mailing list