[Openid-specs-ab] Submission: prompt=create draft spec

George Fletcher gffletch at aol.com
Thu Jan 31 20:46:06 UTC 2019 

Thanks so much for the quick feedback William! Comments inline...

On 1/31/19 12:45 PM, William Denniss wrote:
> Hi George,
>
> Some quick review thoughts:
>
> Section 4 Why is there a prohibition on combining "create" with other 
> prompt values? What if a future prompt value was added that was 
> compatible with "create"?
My thinking (though I'm open to options) is that there are many values 
that can be mutually exclusive. For example, what does prompt="create 
consent" mean? I'm happy to reduce this to SHOULD to allow for future 
possibilities. Or change the wording to explain that other prompt values 
that conflict with "create" should not be used.
>
> Section 4.1, "the account creation experience" isn't defined by any 
> OpenID spec, so requiring it with a MUST could be problematic. Also, 
> most guidance on the UI shown by the OP is generally in the form of 
> recommendations not normative requirements (e.g. around scope consent 
> screens).
OK, I'm fine changing this to a SHOULD if that makes things more 
acceptable :)
>
> As background, how would you expect this to be shown on the client? 
> Two different buttons, one to connect an existing account, one to 
> create a new account? Might be worth a non-normative discussion in the 
> doc about how the clients might use this.
More or less, yes:) There are some use cases where the client may want 
to allow the user to choose between the options (sign-up vs sign-in) 
before starting the authentication flow. I don't think it precludes the 
OP from having to know that a client started an authenticate flow, the 
user chose the sign-up link/button and then at the end of registration 
the OP needs to redirect back to the client with a code. However, it 
does allow the client to optimize the experience.

Thanks again,
George
>
> William
>
>
> On Thu, Jan 31, 2019 at 9:19 AM George Fletcher via Openid-specs-ab 
> <openid-specs-ab at lists.openid.net 
> <mailto:openid-specs-ab at lists.openid.net>> wrote:
>
>     I've attached both the XML and Text versions of a very small spec
>     that
>     defines a new parameter value for the 'prompt' parameter that
>     allows the
>     client to request the user go directly to the account creation
>     flow and
>     when the user has successfully created the account, return a
>     'code' to
>     the client. This improves the user experience by allowing the
>     client to
>     direct the user directly to the account creation page.
>
>     Feedback greatly appreciated!
>
>     Thanks,
>     George
>
>
>     _______________________________________________
>     Openid-specs-ab mailing list
>     Openid-specs-ab at lists.openid.net
>     <mailto:Openid-specs-ab at lists.openid.net>
>     http://lists.openid.net/mailman/listinfo/openid-specs-ab
>

-- 
Identity Standards Architect
Verizon Media                     Work: george.fletcher at oath.com
Mobile: +1-703-462-3494           Twitter: http://twitter.com/gffletch
Office: +1-703-265-2544           Photos: http://georgefletcher.photography

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190131/581271d2/attachment.html>

More information about the Openid-specs-ab mailing list