[Openid-specs-ab] What error should be returned when prompt=none used and the user is not logged in?

Mike Jones Michael.Jones at microsoft.com
Thu Oct 3 00:46:04 UTC 2013


Thanks - we'll go with login_required then.  How about the other question "What error should be returned when prompt=none and no id_token_hint is present and is required?"  Is invalid_request good for that, as far as you're concerned?

                                                            -- Mike

From: Breno de Medeiros [mailto:breno at google.com]
Sent: Wednesday, October 02, 2013 5:43 PM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net; Naveen Agarwal
Subject: RE: What error should be returned when prompt=none used and the user is not logged in?

On Oct 2, 2013 12:30 PM, "Mike Jones" <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>> wrote:
If the user isn't logged in, how can you issue an ID Token?

Sorry, I lost context, I thought the question was about prompt=login, but it it about prompt=none.

Today Google's IDP returns 'error=immediate_failed". It should be possible to return login_required instead.




From: Breno de Medeiros [mailto:breno at google.com<mailto:breno at google.com>]
Sent: Wednesday, October 02, 2013 12:27 PM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>; Naveen Agarwal
Subject: RE: What error should be returned when prompt=none used and the user is not logged in?


There is no need for an error. We issue a regular assertion w/o a reauth clause.
On Oct 2, 2013 12:21 PM, "Mike Jones" <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>> wrote:
What error do you return in this case?

-----Original Message-----
From: Breno de Medeiros [mailto:breno at google.com<mailto:breno at google.com>]
Sent: Wednesday, October 02, 2013 12:16 PM
To: Mike Jones
Cc: Naveen Agarwal; openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>
Subject: Re: What error should be returned when prompt=none used and the user is not logged in?

I am unaware of implementations of login_required.

On Wed, Oct 2, 2013 at 12:00 PM, Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>> wrote:
> Googlers, can you be sure to reply to this thread?
>
>
>
>
> Thanks,
>
>                                                                 --
> Mike
>
>
>
> From: openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net>
> [mailto:openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net>] On Behalf Of Mike
> Jones
> Sent: Wednesday, October 02, 2013 11:36 AM
> To: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>
> Subject: [Openid-specs-ab] What error should be returned when
> prompt=none used and the user is not logged in?
>
>
>
> login_required?
>
>
>
> What are implementations in production use returning in this case?
>
>
>
>                                                                 --
> Mike
>
>



--
--Breno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131003/686bc02e/attachment.html>


More information about the Openid-specs-ab mailing list