[Openid-specs-fapi] Issue #380: Grant Management use prohibits SSO, prompt=none, etc (openid/fapi)

panva issues-reply at bitbucket.org
Fri Feb 19 08:57:28 UTC 2021


New issue 380: Grant Management use prohibits SSO, prompt=none, etc
https://bitbucket.org/openid/fapi/issues/380/grant-management-use-prohibits-sso-prompt

Filip Skokan:

> If the parameter is not present and the AS always issues grant ids or the AS optionally issues grant ids (see (#server_metadata)) and the client requires grant ids (see (#client_metadata)), **the AS MUST create a new grant and return the respective grant id in the token response.**

If 

* there’s already an active OP session established with the RP being checked in in the past
* mechanism for recalling previous persisted grants

then there’s no reason to return a _**new**_ grant. At most I think we should mandate a return of the grant id in token response, but otherwise don’t always require a _**new**_ grant.

There was an authorization request control parameter in the previous drafts that controlled whether the client wants a fresh grant or not IIRC, I wouldn’t mind keeping that parameter around if necessary.
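The following toy model illustrates the point of the issue above. It is an added example, not code from the FAPI Grant Management draft, from the openid/fapi project or from the issue author; the `GrantStore` class, the `issue_tokens` function, the `policy` switch and the `grant-N` id format are assumptions made for this illustration. It contrasts the quoted rule (a token response without a grant id always creates a new grant) with the alternative argued for (return the id of the already-active grant for the same end-user and client), and counts how many grants accumulate when the same RP is silently re-authorized (prompt=none) several times within one OP session.

```python
"""Toy model of grant-id issuance at a token endpoint (illustration only)."""
import itertools
from dataclasses import dataclass


@dataclass
class Grant:
    grant_id: str
    client_id: str
    subject: str
    scopes: set
    active: bool = True


class GrantStore:
    """In-memory grant store; a hypothetical stand-in for the AS's persistence."""

    def __init__(self):
        self._seq = itertools.count(1)
        self.grants = {}  # grant_id -> Grant, insertion ordered

    def create(self, client_id, subject, scopes):
        gid = f"grant-{next(self._seq)}"  # constructed id format, not spec-defined
        self.grants[gid] = Grant(gid, client_id, subject, set(scopes))
        return self.grants[gid]

    def find_active(self, client_id, subject):
        # Most recently created active grant for this client/end-user pair.
        for g in reversed(list(self.grants.values())):
            if g.active and g.client_id == client_id and g.subject == subject:
                return g
        return None


def issue_tokens(store, client_id, subject, scopes, *, grant_id=None,
                 policy="always_new", client_requires_grant_ids=True):
    """Model one authorization and return the grant-related part of the
    token response.

    policy="always_new": the draft rule quoted in the issue.
    policy="reuse":      the alternative argued for in the issue.
    """
    if grant_id is not None:
        # Client asked to extend an existing grant: it must exist, be active
        # and belong to this client (error name assumed for the example).
        g = store.grants.get(grant_id)
        if g is None or not g.active or g.client_id != client_id:
            raise ValueError("invalid_grant_id")
        g.scopes |= set(scopes)
        return {"grant_id": g.grant_id}

    if not client_requires_grant_ids:
        return {}  # AS not obliged to issue a grant id at all

    if policy == "reuse":
        g = store.find_active(client_id, subject)
        if g is not None:
            g.scopes |= set(scopes)
            return {"grant_id": g.grant_id}

    g = store.create(client_id, subject, scopes)
    return {"grant_id": g.grant_id}


def simulate_silent_reauth(policy, rounds=3):
    """One interactive authorization followed by `rounds` prompt=none
    re-authorizations from the same RP for the same end-user, none of them
    carrying a grant_id. Returns the number of active grants left behind."""
    store = GrantStore()
    issue_tokens(store, "rp-1", "alice", ["openid", "accounts"], policy=policy)
    for _ in range(rounds):
        issue_tokens(store, "rp-1", "alice", ["openid", "accounts"],
                     policy=policy)
    return sum(1 for g in store.grants.values() if g.active)


if __name__ == "__main__":
    print("always_new:", simulate_silent_reauth("always_new"))  # 4 grants
    print("reuse:     ", simulate_silent_reauth("reuse"))       # 1 grant
```

Under the quoted rule every silent re-authorization leaves one more active grant for the same end-user and client, which is the proliferation the issue objects to; under the reuse policy the token response still carries a grant id, but it is the existing one.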
