[Openid-specs-ab] Issue #877: Messages 2.1.3 Description of interaction_required, login_required, session_selection_required and consent_required conflicts with prompt none specification (openid/connect)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Mon Sep 30 07:30:40 UTC 2013


New issue 877: Messages 2.1.3 Description of interaction_required, login_required, session_selection_required and consent_required conflicts with prompt none specification
https://bitbucket.org/openid/connect/issue/877/messages-213-description-of

Vladimir Dzhuvinov:

Prompt "none" specifies that the "Authorization Server **MUST NOT** display any authentication or consent user interface pages."

Section 2.1.3 however gives the requirement as "SHOULD NOT":

***
interaction_required

The Authorization Server requires End-User interaction of some form to proceed. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server SHOULD NOT display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface for End-User interaction. 

login_required

The Authorization Server requires End-User authentication. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server SHOULD NOT display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface for user authentication. 

session_selection_required

The End-User is REQUIRED to select a session at the Authorization Server. The End-User MAY be authenticated at the Authorization Server with different associated accounts, but the End-User did not select a session. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server SHOULD NOT display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface to prompt for a session to use. 

consent_required

The Authorization Server requires End-User consent. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server SHOULD NOT display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface for End-User consent. 




More information about the Openid-specs-ab mailing list