[Openid-specs-ab] Limiting a login request to a specific user

Tim Bray tbray at textuality.com
Mon Sep 22 22:34:16 UTC 2014


Cleanest way would probably be new parameters “login_must_be” /
”id_token_must_be”, same semantics as login_hint but substitution forbidden.

On Mon, Sep 22, 2014 at 3:26 PM, Mike Jones <Michael.Jones at microsoft.com>
wrote:

>  We have a use case in which we want to limit the login to the user
> specified via the login_hint and not allow the user to sign in as a
> different user.  How would you suggest expressing that requirement?  For
> instance, should we invent a new request parameter such as “this_user=true”
> (which could be used in combination with login_hint or id_token_hint)?  Or
> might a “prompt” parameter value such as “prompt=this_user” be
> appropriate?  Or would that possibly conflict with other uses of “prompt”?
>
>
>
>                                                                 -- Mike
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>


-- 
- Tim Bray (If you’d like to send me a private message, see
https://keybase.io/timbray)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140922/ca6be766/attachment.html>


More information about the Openid-specs-ab mailing list