[Openid-specs-ab] What error should be returned when prompt=none used and the user is not logged in?

Torsten Lodderstedt torsten at lodderstedt.net
Sat Oct 5 08:12:13 UTC 2013


Hi Mike,

what about "interaction_required"? That's what our OP responds with in 
that case. It covers two use cases, login required as well as consent 
required.

regards,
Torsten.

Am 03.10.2013 02:46, schrieb Mike Jones:
>
> Thanks -- we'll go with login_required then.  How about the other 
> question "What error should be returned when prompt=none and no 
> id_token_hint is present and is required?"  Is invalid_request good 
> for that, as far as you're concerned?
>
> -- Mike
>
> *From:*Breno de Medeiros [mailto:breno at google.com]
> *Sent:* Wednesday, October 02, 2013 5:43 PM
> *To:* Mike Jones
> *Cc:* openid-specs-ab at lists.openid.net; Naveen Agarwal
> *Subject:* RE: What error should be returned when prompt=none used and 
> the user is not logged in?
>
> On Oct 2, 2013 12:30 PM, "Mike Jones" <Michael.Jones at microsoft.com 
> <mailto:Michael.Jones at microsoft.com>> wrote:
>
> If the user isn't logged in, how can you issue an ID Token?
>
> Sorry, I lost context, I thought the question was about prompt=login, 
> but it it about prompt=none.
>
> Today Google's IDP returns 'error=immediate_failed". It should be 
> possible to return login_required instead.
>
>     *From:*Breno de Medeiros [mailto:breno at google.com
>     <mailto:breno at google.com>]
>     *Sent:* Wednesday, October 02, 2013 12:27 PM
>     *To:* Mike Jones
>     *Cc:* openid-specs-ab at lists.openid.net
>     <mailto:openid-specs-ab at lists.openid.net>; Naveen Agarwal
>     *Subject:* RE: What error should be returned when prompt=none used
>     and the user is not logged in?
>
>     There is no need for an error. We issue a regular assertion w/o a
>     reauth clause.
>
>     On Oct 2, 2013 12:21 PM, "Mike Jones" <Michael.Jones at microsoft.com
>     <mailto:Michael.Jones at microsoft.com>> wrote:
>
>     What error do you return in this case?
>
>     -----Original Message-----
>     From: Breno de Medeiros [mailto:breno at google.com
>     <mailto:breno at google.com>]
>     Sent: Wednesday, October 02, 2013 12:16 PM
>     To: Mike Jones
>     Cc: Naveen Agarwal; openid-specs-ab at lists.openid.net
>     <mailto:openid-specs-ab at lists.openid.net>
>     Subject: Re: What error should be returned when prompt=none used
>     and the user is not logged in?
>
>     I am unaware of implementations of login_required.
>
>     On Wed, Oct 2, 2013 at 12:00 PM, Mike Jones
>     <Michael.Jones at microsoft.com <mailto:Michael.Jones at microsoft.com>>
>     wrote:
>     > Googlers, can you be sure to reply to this thread?
>     >
>     >
>     >
>     >
>     > Thanks,
>     >
>     >                   --
>     > Mike
>     >
>     >
>     >
>     > From: openid-specs-ab-bounces at lists.openid.net
>     <mailto:openid-specs-ab-bounces at lists.openid.net>
>     > [mailto:openid-specs-ab-bounces at lists.openid.net
>     <mailto:openid-specs-ab-bounces at lists.openid.net>] On Behalf Of Mike
>     > Jones
>     > Sent: Wednesday, October 02, 2013 11:36 AM
>     > To: openid-specs-ab at lists.openid.net
>     <mailto:openid-specs-ab at lists.openid.net>
>     > Subject: [Openid-specs-ab] What error should be returned when
>     > prompt=none used and the user is not logged in?
>     >
>     >
>     >
>     > login_required?
>     >
>     >
>     >
>     > What are implementations in production use returning in this case?
>     >
>     >
>     >
>     >                   --
>     > Mike
>     >
>     >
>
>
>
>     --
>     --Breno
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131005/37e99e8c/attachment.html>


More information about the Openid-specs-ab mailing list