[Openid-specs-ab] Submission: prompt=create draft spec
George Fletcher
gffletch at aol.com
Mon Feb 4 19:30:00 UTC 2019
True, this isn't the original use case... but it's an interesting one.
However, it seems like getting a "consent receipt" response would make
more sense connected to the prompt=consent flow than a prompt=create
one. And maybe if a "consent receipt" is attached to the act of a user
giving consent, then this is a case where prompt="create consent" makes
sense:)
On 2/1/19 6:06 PM, Tom Jones via Openid-specs-ab wrote:
> What i think the client might need is a consent receipt to show that
> the user did agree to share the data with the client. In that case the
> client could request that user consent be sought. I am not sure at all
> that this was the reason for the request for this item, but it is a
> reasonable request from the client side to know that it has received
> the data in a lawful manner.
> Peace ..tom
>
>
> On Thu, Jan 31, 2019 at 5:05 PM Brock Allen via Openid-specs-ab
> <openid-specs-ab at lists.openid.net
> <mailto:openid-specs-ab at lists.openid.net>> wrote:
>
> Do you have a concrete example of how a client would know to send
> prompt=create?
>
> I ask because my first reaction is that given the client doesn't
> authenticate the user, it has no idea if the user has an account
> or not, so how/why would it know to send this value?
>
> Or are you simply imaging the scenario where the client shows a
> "login" or "register" link, rather than getting the OP to do that?
>
> -Brock
>
>> On 1/31/2019 3:46:26 PM, George Fletcher via Openid-specs-ab
>> <openid-specs-ab at lists.openid.net
>> <mailto:openid-specs-ab at lists.openid.net>> wrote:
>>
>> Thanks so much for the quick feedback William! Comments inline...
>>
>> On 1/31/19 12:45 PM, William Denniss wrote:
>>> Hi George,
>>>
>>> Some quick review thoughts:
>>>
>>> Section 4 Why is there a prohibition on combining "create" with
>>> other prompt values? What if a future prompt value was added
>>> that was compatible with "create"?
>> My thinking (though I'm open to options) is that there are many
>> values that can be mutually exclusive. For example, what does
>> prompt="create consent" mean? I'm happy to reduce this to SHOULD
>> to allow for future possibilities. Or change the wording to
>> explain that other prompt values that conflict with "create"
>> should not be used.
>>>
>>> Section 4.1, "the account creation experience" isn't defined by
>>> any OpenID spec, so requiring it with a MUST could be
>>> problematic. Also, most guidance on the UI shown by the OP is
>>> generally in the form of recommendations not normative
>>> requirements (e.g. around scope consent screens).
>> OK, I'm fine changing this to a SHOULD if that makes things more
>> acceptable :)
>>>
>>> As background, how would you expect this to be shown on the
>>> client? Two different buttons, one to connect an existing
>>> account, one to create a new account? Might be worth a
>>> non-normative discussion in the doc about how the clients might
>>> use this.
>> More or less, yes:) There are some use cases where the client may
>> want to allow the user to choose between the options (sign-up vs
>> sign-in) before starting the authentication flow. I don't think
>> it precludes the OP from having to know that a client started an
>> authenticate flow, the user chose the sign-up link/button and
>> then at the end of registration the OP needs to redirect back to
>> the client with a code. However, it does allow the client to
>> optimize the experience.
>>
>> Thanks again,
>> George
>>>
>>> William
>>>
>>>
>>> On Thu, Jan 31, 2019 at 9:19 AM George Fletcher via
>>> Openid-specs-ab <openid-specs-ab at lists.openid.net
>>> <mailto:openid-specs-ab at lists.openid.net>> wrote:
>>>
>>> I've attached both the XML and Text versions of a very small
>>> spec that
>>> defines a new parameter value for the 'prompt' parameter
>>> that allows the
>>> client to request the user go directly to the account
>>> creation flow and
>>> when the user has successfully created the account, return a
>>> 'code' to
>>> the client. This improves the user experience by allowing
>>> the client to
>>> direct the user directly to the account creation page.
>>>
>>> Feedback greatly appreciated!
>>>
>>> Thanks,
>>> George
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> <mailto:Openid-specs-ab at lists.openid.net>
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>
>> --
>> Identity Standards Architect
>> Verizon Media Work:george.fletcher at oath.com <mailto:george.fletcher at oath.com>
>> Mobile: +1-703-462-3494 Twitter:http://twitter.com/gffletch
>> Office: +1-703-265-2544 Photos:http://georgefletcher.photography
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
--
Identity Standards Architect
Verizon Media Work: george.fletcher at oath.com
Mobile: +1-703-462-3494 Twitter: http://twitter.com/gffletch
Office: +1-703-265-2544 Photos: http://georgefletcher.photography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190204/551e627f/attachment.html>
More information about the Openid-specs-ab
mailing list