[Openid-specs-ab] Submission: prompt=create draft spec

Vittorio Bertocci Vittorio at auth0.com
Wed Jul 24 15:39:28 UTC 2019


Hi George, all-
I was wondering if we could revive this proposal and see if there are ways
to move forward. We are receiving customer requests that would be satisfied
by this or similar mechanisms to signal the desire to perform a signup
operation.
George: yesterday I discussed the feature with Nat, John, Brian and they
shared interesting insights. I'd be happy to summarize and contribute
language to that effect, if you have time to engage.
thanks!
V.

On Mon, Feb 4, 2019 at 11:30 AM George Fletcher via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> True, this isn't the original use case... but it's an interesting one.
> However, it seems like getting a "consent receipt" response would make more
> sense connected to the prompt=consent flow than a prompt=create one. And
> maybe if a "consent receipt" is attached to the act of a user giving consent,
> then this is a case where prompt="create consent" makes sense:)
>
> On 2/1/19 6:06 PM, Tom Jones via Openid-specs-ab wrote:
>
> What I think the client might need is a consent receipt to show that the
> user did agree to share the data with the client. In that case the client
> could request that user consent be sought. I am not sure at all that this
> was the reason for the request for this item, but it is a reasonable
> request from the client side to know that it has received the data in a
> lawful manner.
> Peace ..tom
>
>
> On Thu, Jan 31, 2019 at 5:05 PM Brock Allen via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
>> Do you have a concrete example of how a client would know to send
>> prompt=create?
>>
>> I ask because my first reaction is that given the client doesn't
>> authenticate the user, it has no idea if the user has an account or not, so
>> how/why would it know to send this value?
>>
>> Or are you simply imagining the scenario where the client shows a "login"
>> or "register" link, rather than getting the OP to do that?
>>
>> -Brock
>>
>> On 1/31/2019 3:46:26 PM, George Fletcher via Openid-specs-ab <
>> openid-specs-ab at lists.openid.net> wrote:
>> Thanks so much for the quick feedback William! Comments inline...
>>
>> On 1/31/19 12:45 PM, William Denniss wrote:
>>
>> Hi George,
>>
>> Some quick review thoughts:
>>
>> Section 4 Why is there a prohibition on combining "create" with other
>> prompt values? What if a future prompt value was added that was compatible
>> with "create"?
>>
>> My thinking (though I'm open to options) is that there are many values
>> that can be mutually exclusive. For example, what does prompt="create
>> consent" mean? I'm happy to reduce this to SHOULD to allow for future
>> possibilities. Or change the wording to explain that other prompt values
>> that conflict with "create" should not be used.
>>
>>
>> Section 4.1, "the account creation experience" isn't defined by any
>> OpenID spec, so requiring it with a MUST could be problematic. Also, most
>> guidance on the UI shown by the OP is generally in the form of
>> recommendations not normative requirements (e.g. around scope consent
>> screens).
>>
>> OK, I'm fine changing this to a SHOULD if that makes things more
>> acceptable :)
>>
>>
>> As background, how would you expect this to be shown on the client? Two
>> different buttons, one to connect an existing account, one to create a new
>> account? Might be worth a non-normative discussion in the doc about how the
>> clients might use this.
>>
>> More or less, yes:) There are some use cases where the client may want to
>> allow the user to choose between the options (sign-up vs sign-in) before
>> starting the authentication flow. I don't think it precludes the OP from
>> having to know that a client started an authenticate flow, the user chose
>> the sign-up link/button and then at the end of registration the OP needs to
>> redirect back to the client with a code. However, it does allow the client
>> to optimize the experience.
>>
>> Thanks again,
>> George
>>
>>
>> William
>>
>>
>> On Thu, Jan 31, 2019 at 9:19 AM George Fletcher via Openid-specs-ab <
>> openid-specs-ab at lists.openid.net> wrote:
>>
>>> I've attached both the XML and Text versions of a very small spec that
>>> defines a new parameter value for the 'prompt' parameter that allows the
>>> client to request the user go directly to the account creation flow and
>>> when the user has successfully created the account, return a 'code' to
>>> the client. This improves the user experience by allowing the client to
>>> direct the user directly to the account creation page.
>>>
>>> Feedback greatly appreciated!
>>>
>>> Thanks,
>>> George
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>
>> --
>> Identity Standards Architect
>> Verizon Media                     Work: george.fletcher at oath.com
>> Mobile: +1-703-462-3494           Twitter: http://twitter.com/gffletch
>> Office: +1-703-265-2544           Photos: http://georgefletcher.photography
>>
>
>
> --
> Identity Standards Architect
> Verizon Media                     Work: george.fletcher at oath.com
> Mobile: +1-703-462-3494           Twitter: http://twitter.com/gffletch
> Office: +1-703-265-2544           Photos: http://georgefletcher.photography
>
>
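
Added example, not part of the thread or of George's draft: a client building a code-flow request with prompt=create, and an OP-side check that covers the Section 4 question about combining "create" with other prompt values. The function names, screen names, sample endpoints and the use of invalid_request for a rejected "create" combination are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlparse, parse_qs

class PromptError(ValueError):
    """Rejected request; `code` is the OAuth error code to return."""
    def __init__(self, code, description):
        super().__init__(description)
        self.code = code

def build_auth_request(endpoint, client_id, redirect_uri, state, nonce, signup=False):
    """RP side: code-flow request; the client's 'register' button sets signup=True."""
    params = {"response_type": "code", "scope": "openid", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state, "nonce": nonce}
    if signup:
        params["prompt"] = "create"
    return endpoint + "?" + urlencode(params)

def parse_prompt(url, strict=True):
    """OP side: return the set of prompt values, or raise PromptError."""
    values = parse_qs(urlparse(url).query).get("prompt", [])
    if len(values) > 1:  # OAuth 2.0: a parameter must not appear more than once
        raise PromptError("invalid_request", "prompt sent more than once")
    prompts = set(values[0].split()) if values else set()
    if "none" in prompts and len(prompts) > 1:  # OpenID Connect Core rule
        raise PromptError("invalid_request", "none cannot be combined")
    # strict=True: the prohibition on combining "create", as discussed in the thread.
    # strict=False: the SHOULD relaxation George offers (e.g. "create consent").
    # Returning invalid_request here is an assumption, not taken from the draft.
    if strict and "create" in prompts and len(prompts) > 1:
        raise PromptError("invalid_request", "create cannot be combined")
    return prompts

def first_screen(url, strict=True):
    """OP side: screen shown first (the screen names are hypothetical)."""
    return "signup" if "create" in parse_prompt(url, strict) else "login"

if __name__ == "__main__":
    # Constructed sample values; op.example and rp.example are placeholders.
    url = build_auth_request("https://op.example/authorize", "client123",
                             "https://rp.example/cb", "state-1", "nonce-1",
                             signup=True)
    print(url, "->", first_screen(url))
```
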

