Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bypassing user consent with 'prompt=none' does not work #43

Open
siepkes opened this issue Mar 18, 2019 · 2 comments
Open

Bypassing user consent with 'prompt=none' does not work #43

siepkes opened this issue Mar 18, 2019 · 2 comments

Comments

@siepkes
Copy link
Member

siepkes commented Mar 18, 2019

When trying to suppress the OAUTH2 user consent page with the prompt=none as an argument with the Authorization Request AM still returns a interaction_required error. prompt=none is part of the OpenID Connect Core 1.0 standard.

This happens even when "Allow clients to skip consent" on the OAuth2 service is true and when the Implied consent option in the agent is also true.
@RomainWilbert
Copy link

Hi,

The prompt=none parameter purpose is not to suppress the user consent page. The expected behavior is to return an error from the authorize endpoint when the user is not logged in, instead of displaying the authentication form.

@pavelhoral
Copy link
Member

I guess the issue here is that the user is authenticated against AM, but it is his/hers first login to OIDC enabled application (or there is no consent attribute configured). Ideally with "implied consent" (configuration of OIDC agent / client / app) there is no interaction so this should authenticate user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@siepkes @pavelhoral @RomainWilbert