[Openid-specs-fapi] Issue #380: Grant Management use prohibits SSO, prompt=none, etc (openid/fapi)

panva issues-reply at bitbucket.org
Fri Feb 19 08:57:28 UTC 2021

New issue 380: Grant Management use prohibits SSO, prompt=none, etc

Filip Skokan:

> If the parameter is not present and the AS always issues grant ids or the AS optionally issues grant ids \(see \(#server\_metadata\)\) and the client requires grant ids \(see \(#client\_metadata\)\), **the AS MUST create a new grant and return the respective grant id in the token response.**


* there’s already an active OP session established with the RP being checked in in the past
* mechanism for recalling previous persisted grants

then there’s no reason to return a _**new**_ grant. At most i think we should mandate a return of the grant id in token response, but otherwise don’t always require a _**new**_ grant.

There was an authorization request control parameter in the previous drafts that controlled whether the client wants a fresh grant or not IIRC, i wouldn’t mind keeping that parameter around if necessary.

More information about the Openid-specs-fapi mailing list