<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Mike,<br>
<br>
what about "interaction_required"? That's what our OP responds with
in that case. It covers two use cases, login required as well as
consent required.<br>
<br>
regards,<br>
Torsten.<br>
<br>
<div class="moz-cite-prefix">Am 03.10.2013 02:46, schrieb Mike
Jones:<br>
</div>
<blockquote
cite="mid:4E1F6AAD24975D4BA5B16804296739437201AA83@TK5EX14MBXC290.redmond.corp.microsoft.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks
– we’ll go with login_required then. How about the other
question “What error should be returned when prompt=none and
no id_token_hint is present and is required?” Is
invalid_request good for that, as far as you’re concerned?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">
-- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Breno de Medeiros [<a class="moz-txt-link-freetext" href="mailto:breno@google.com">mailto:breno@google.com</a>]
<br>
<b>Sent:</b> Wednesday, October 02, 2013 5:43 PM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>; Naveen Agarwal<br>
<b>Subject:</b> RE: What error should be returned when
prompt=none used and the user is not logged in?<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Oct 2, 2013 12:30 PM, "Mike Jones"
<<a moz-do-not-send="true"
href="mailto:Michael.Jones@microsoft.com"
target="_blank">Michael.Jones@microsoft.com</a>>
wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">If
the user isn’t logged in, how can you issue an ID
Token?</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Sorry, I lost context, I thought the
question was about prompt=login, but it it about
prompt=none.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Today Google's IDP returns
'error=immediate_failed". It should be possible to
return login_required instead.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Breno de Medeiros [mailto:<a
moz-do-not-send="true"
href="mailto:breno@google.com" target="_blank">breno@google.com</a>]
<br>
<b>Sent:</b> Wednesday, October 02, 2013 12:27 PM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> <a moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank">openid-specs-ab@lists.openid.net</a>;
Naveen Agarwal<br>
<b>Subject:</b> RE: What error should be returned
when prompt=none used and the user is not logged
in?</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p>There is no need for an error. We issue a regular
assertion w/o a reauth clause.<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On
Oct 2, 2013 12:21 PM, "Mike Jones" <<a
moz-do-not-send="true"
href="mailto:Michael.Jones@microsoft.com"
target="_blank">Michael.Jones@microsoft.com</a>>
wrote:<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">What
error do you return in this case?<br>
<br>
-----Original Message-----<br>
From: Breno de Medeiros [mailto:<a
moz-do-not-send="true"
href="mailto:breno@google.com" target="_blank">breno@google.com</a>]<br>
Sent: Wednesday, October 02, 2013 12:16 PM<br>
To: Mike Jones<br>
Cc: Naveen Agarwal; <a moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank">
openid-specs-ab@lists.openid.net</a><br>
Subject: Re: What error should be returned when
prompt=none used and the user is not logged in?<br>
<br>
I am unaware of implementations of login_required.<br>
<br>
On Wed, Oct 2, 2013 at 12:00 PM, Mike Jones <<a
moz-do-not-send="true"
href="mailto:Michael.Jones@microsoft.com"
target="_blank">Michael.Jones@microsoft.com</a>>
wrote:<br>
> Googlers, can you be sure to reply to this
thread?<br>
><br>
><br>
><br>
><br>
> Thanks,<br>
><br>
>
--<br>
> Mike<br>
><br>
><br>
><br>
> From: <a moz-do-not-send="true"
href="mailto:openid-specs-ab-bounces@lists.openid.net"
target="_blank">
openid-specs-ab-bounces@lists.openid.net</a><br>
> [mailto:<a moz-do-not-send="true"
href="mailto:openid-specs-ab-bounces@lists.openid.net"
target="_blank">openid-specs-ab-bounces@lists.openid.net</a>]
On Behalf Of Mike<br>
> Jones<br>
> Sent: Wednesday, October 02, 2013 11:36 AM<br>
> To: <a moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank">openid-specs-ab@lists.openid.net</a><br>
> Subject: [Openid-specs-ab] What error should
be returned when<br>
> prompt=none used and the user is not logged
in?<br>
><br>
><br>
><br>
> login_required?<br>
><br>
><br>
><br>
> What are implementations in production use
returning in this case?<br>
><br>
><br>
><br>
>
--<br>
> Mike<br>
><br>
><br>
<br>
<br>
<br>
--<br>
--Breno<o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
</body>
</html>