[Openid-specs-ab] Submission: prompt=create draft spec

Fri Feb 1 23:06:35 UTC 2019

What i think the client might need is a consent receipt to show that the
user did agree to share the data with the client. In that case the client
could request that user consent be sought. I am not sure at all that this
was the reason for the request for this item, but it is a reasonable
request from the client side to know that it has received the data in a
lawful manner.
Peace ..tom

On Thu, Jan 31, 2019 at 5:05 PM Brock Allen via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Do you have a concrete example of how a client would know to send
> prompt=create?
>
> I ask because my first reaction is that given the client doesn't
> authenticate the user, it has no idea if the user has an account or not, so
> how/why would it know to send this value?
>
> Or are you simply imaging the scenario where the client shows a "login" or
> "register" link, rather than getting the OP to do that?
>
> -Brock
>
> On 1/31/2019 3:46:26 PM, George Fletcher via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
> Thanks so much for the quick feedback William! Comments inline...
>
> On 1/31/19 12:45 PM, William Denniss wrote:
>
> Hi George,
>
> Some quick review thoughts:
>
> Section 4 Why is there a prohibition on combining "create" with other
> prompt values? What if a future prompt value was added that was compatible
> with "create"?
>
> My thinking (though I'm open to options) is that there are many values
> that can be mutually exclusive. For example, what does prompt="create
> consent" mean? I'm happy to reduce this to SHOULD to allow for future
> possibilities. Or change the wording to explain that other prompt values
> that conflict with "create" should not be used.
>
>
> Section 4.1, "the account creation experience" isn't defined by any OpenID
> spec, so requiring it with a MUST could be problematic. Also, most guidance
> on the UI shown by the OP is generally in the form of recommendations not
> normative requirements (e.g. around scope consent screens).
>
> OK, I'm fine changing this to a SHOULD if that makes things more
> acceptable :)
>
>
> As background, how would you expect this to be shown on the client? Two
> different buttons, one to connect an existing account, one to create a new
> account? Might be worth a non-normative discussion in the doc about how the
> clients might use this.
>
> More or less, yes:) There are some use cases where the client may want to
> allow the user to choose between the options (sign-up vs sign-in) before
> starting the authentication flow. I don't think it precludes the OP from
> having to know that a client started an authenticate flow, the user chose
> the sign-up link/button and then at the end of registration the OP needs to
> redirect back to the client with a code. However, it does allow the client
> to optimize the experience.
>
> Thanks again,
> George
>
>
> William
>
>
> On Thu, Jan 31, 2019 at 9:19 AM George Fletcher via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
>> I've attached both the XML and Text versions of a very small spec that
>> defines a new parameter value for the 'prompt' parameter that allows the
>> client to request the user go directly to the account creation flow and
>> when the user has successfully created the account, return a 'code' to
>> the client. This improves the user experience by allowing the client to
>> direct the user directly to the account creation page.
>>
>> Feedback greatly appreciated!
>>
>> Thanks,
>> George
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>
> --
> Identity Standards Architect
> Verizon Media                     Work: george.fletcher at oath.com
> Mobile: +1-703-462-3494           Twitter: http://twitter.com/gffletch
> Office: +1-703-265-2544           Photos: http://georgefletcher.photography
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190201/90922673/attachment.html>