<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Hello George,<div><br></div><div>I’m torn about using a prompt parameter for this. An OP may already have a session established and this would prevent it being used. A common authz pipeline will halt the request processing when a prompt parameter is encountered. </div><div><br></div><div>In the past we’ve dealt with this using a custom parameter when_anonymous=login/register (pick one, default to OP policy).</div><div><br></div><div>This would tell the OP the client’s preference in the initial view <b>only in case there’s no session</b>, since having a session and hitting just the consent screen is preferred over both login and registration. </div><div><br></div><div>Best,</div><div>Filip</div><div><br><div id="AppleMailSignature" dir="ltr">Sent from iPhone</div><div dir="ltr"><br>1. 2. 2019 at 16:54, George Fletcher via Openid-specs-ab &lt;<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>&gt;:<br><br></div><blockquote type="cite"><div dir="ltr">
<font face="Helvetica, Arial, sans-serif">So we've run into a
situation in our mobile apps where the app allows the user to
choose "sign up" and we want to skip the login form completely.
This allows the app (if it chooses) to present a native button for
sign up rather than just sending the user to the OP login form and
having the user "hunt" for the signup link to click it.<br>
<br>
Just as an example, on first launch of an app that may require
authentication, having the app show a native UI that allows the
user to choose (login with existing identity or create a new one)
can be helpful to the user.<br>
<br>
Thanks,<br>
George<br>
</font><br>
<div class="moz-cite-prefix">On 1/31/19 7:40 PM, Brock Allen wrote:<br>
</div>
<blockquote type="cite" cite="mid:d3612992-9d1d-494e-8c2f-08fa93e6524c@getmailbird.com">
<div id="__MailbirdStyleContent" style="font-size:
10pt;font-family: Lucida Console;color: #000000"> Do you have a
concrete example of how a client would know to send
prompt=create?
<div><br>
</div>
<div>I ask because my first reaction is that given the client
doesn't authenticate the user, it has no idea if the user has
an account or not, so how/why would it know to send this
value? </div>
<div><br>
</div>
<div>Or are you simply imagining the scenario where the client
shows a "login" or "register" link, rather than getting the OP
to do that?<br>
<div><br>
</div>
<div class="mb_sig"><span style="font-family: Lucida Console">-Brock</span>
<div><br>
</div>
</div>
<blockquote class="history_container" type="cite" style="border-left-style:solid;border-width:1px;
margin-top:20px; margin-left:0px;padding-left:10px;">
<p style="color: #AAAAAA; margin-top: 10px;">On 1/31/2019
3:46:26 PM, George Fletcher via Openid-specs-ab
<a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net">&lt;openid-specs-ab@lists.openid.net&gt;</a> wrote:</p>
<div style="font-family:Arial,Helvetica,sans-serif"> <span style="font-family: Helvetica, Arial, sans-serif">Thanks
so much for the quick feedback William! Comments
inline...</span><br>
<br>
<div class="moz-cite-prefix">On 1/31/19 12:45 PM, William
Denniss wrote:<br>
</div>
<blockquote type="cite" cite="mid:CAAP42hDoV3e7KQ17HCqq80chDCzZQ0X9BrCztsGZWcEb85SNNA@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div>Hi George,</div>
<div><br>
</div>
<div>Some quick review thoughts:</div>
<div><br>
</div>
<div>Section 4 Why is there a prohibition on
combining "create" with other prompt values? What
if a future prompt value was added that was
compatible with "create"?</div>
</div>
</div>
</blockquote>
My thinking (though I'm open to options) is that there are
many values that can be mutually exclusive. For example,
what does prompt="create consent" mean? I'm happy to
reduce this to SHOULD to allow for future possibilities.
Or change the wording to explain that other prompt values
that conflict with "create" should not be used.<br>
<blockquote type="cite" cite="mid:CAAP42hDoV3e7KQ17HCqq80chDCzZQ0X9BrCztsGZWcEb85SNNA@mail.gmail.com">
<div dir="ltr">
<div dir="ltr"><br class="gmail-Apple-interchange-newline">
<div>Section 4.1, "the account creation experience"
isn't defined by any OpenID spec, so requiring it
with a MUST could be problematic. Also, most
guidance on the UI shown by the OP is generally in
the form of recommendations not normative
requirements (e.g. around scope consent screens).</div>
</div>
</div>
</blockquote>
OK, I'm fine changing this to a SHOULD if that makes
things more acceptable :)<br>
<blockquote type="cite" cite="mid:CAAP42hDoV3e7KQ17HCqq80chDCzZQ0X9BrCztsGZWcEb85SNNA@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>As background, how would you expect this to be
shown on the client? Two different buttons, one to
connect an existing account, one to create a new
account? Might be worth a non-normative discussion
in the doc about how the clients might use this.</div>
</div>
</div>
</blockquote>
More or less, yes:) There are some use cases where the
client may want to allow the user to choose between the
options (sign-up vs sign-in) before starting the
authentication flow. I don't think it precludes the OP
from having to know that a client started an authenticate
flow, the user chose the sign-up link/button and then at
the end of registration the OP needs to redirect back to
the client with a code. However, it does allow the client
to optimize the experience.<br>
<br>
Thanks again,<br>
George<br>
<blockquote type="cite" cite="mid:CAAP42hDoV3e7KQ17HCqq80chDCzZQ0X9BrCztsGZWcEb85SNNA@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>William</div>
<div dir="ltr"><br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Jan 31, 2019
at 9:19 AM George Fletcher via Openid-specs-ab &lt;<a href="mailto:openid-specs-ab@lists.openid.net" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">I've attached
both the XML and Text versions of a very small spec
that <br>
defines a new parameter value for the 'prompt'
parameter that allows the <br>
client to request the user go directly to the
account creation flow and <br>
when the user has successfully created the account,
return a 'code' to <br>
the client. This improves the user experience by
allowing the client to <br>
direct the user directly to the account creation
page.<br>
<br>
Feedback greatly appreciated!<br>
<br>
Thanks,<br>
George<br>
<br>
<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
<br>
</div></blockquote></div></body></html>