[Openid-specs-ab] What error should be returned when prompt=none used and the user is not logged in?

Breno de Medeiros breno at google.com
Thu Oct 3 00:49:34 UTC 2013


What about trying to satisfy the request when possible -- for
instance, if there's a signed-in user that has approved the
application in the past, it may make sense to return an id_token for
the user?

On Wed, Oct 2, 2013 at 5:46 PM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> Thanks – we’ll go with login_required then.  How about the other question
> “What error should be returned when prompt=none and no id_token_hint is
> present and is required?”  Is invalid_request good for that, as far as
> you’re concerned?
>
>
>
>                                                             -- Mike
>
>
>
> From: Breno de Medeiros [mailto:breno at google.com]
> Sent: Wednesday, October 02, 2013 5:43 PM
>
>
> To: Mike Jones
> Cc: openid-specs-ab at lists.openid.net; Naveen Agarwal
> Subject: RE: What error should be returned when prompt=none used and the
> user is not logged in?
>
>
>
> On Oct 2, 2013 12:30 PM, "Mike Jones" <Michael.Jones at microsoft.com> wrote:
>
> If the user isn’t logged in, how can you issue an ID Token?
>
>
>
> Sorry, I lost context, I thought the question was about prompt=login, but it
> it about prompt=none.
>
>
>
> Today Google's IDP returns 'error=immediate_failed". It should be possible
> to return login_required instead.
>
>
>
>
>
>
>
>
>
> From: Breno de Medeiros [mailto:breno at google.com]
> Sent: Wednesday, October 02, 2013 12:27 PM
> To: Mike Jones
> Cc: openid-specs-ab at lists.openid.net; Naveen Agarwal
> Subject: RE: What error should be returned when prompt=none used and the
> user is not logged in?
>
>
>
> There is no need for an error. We issue a regular assertion w/o a reauth
> clause.
>
> On Oct 2, 2013 12:21 PM, "Mike Jones" <Michael.Jones at microsoft.com> wrote:
>
> What error do you return in this case?
>
> -----Original Message-----
> From: Breno de Medeiros [mailto:breno at google.com]
> Sent: Wednesday, October 02, 2013 12:16 PM
> To: Mike Jones
> Cc: Naveen Agarwal; openid-specs-ab at lists.openid.net
> Subject: Re: What error should be returned when prompt=none used and the
> user is not logged in?
>
> I am unaware of implementations of login_required.
>
> On Wed, Oct 2, 2013 at 12:00 PM, Mike Jones <Michael.Jones at microsoft.com>
> wrote:
>> Googlers, can you be sure to reply to this thread?
>>
>>
>>
>>
>> Thanks,
>>
>>                                                                 --
>> Mike
>>
>>
>>
>> From: openid-specs-ab-bounces at lists.openid.net
>> [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike
>> Jones
>> Sent: Wednesday, October 02, 2013 11:36 AM
>> To: openid-specs-ab at lists.openid.net
>> Subject: [Openid-specs-ab] What error should be returned when
>> prompt=none used and the user is not logged in?
>>
>>
>>
>> login_required?
>>
>>
>>
>> What are implementations in production use returning in this case?
>>
>>
>>
>>                                                                 --
>> Mike
>>
>>
>
>
>
> --
> --Breno



-- 
--Breno


More information about the Openid-specs-ab mailing list