openid / connect / issues / #306 - Basic, Messages, Standard - Need for prompt:consent questionable — Bitbucket

Issue #306 invalid

Michael Jones created an issue 2011-11-17

This one seems kinda laughable. Seriously… what RP would ever issue this one? Reauthentication I can easily understand but reapproval seems kinda bogus.

Comments (2)

Michael Jones reporter
This additional comment may apply to all uses of prompt, or may be specific to consent:

The RP is the one who should decide if they want to re-confirm a session ID or if they want to do a new login. If they want a new login then they should ask for one and its up to the authorization server to work with the user to make sure the right account is used. I think there is a fundamental conceptual problem here.
- 2011-11-17T09:55:14+00:00
Nat Sakimura
- changed status to invalid
It is needed:

e.g., when the privacy policy changed, some jurisdiction requires it from time to time.
- 2011-11-18T00:47:06+00:00
Log in to comment

Assignee: –

Type: bug

Priority: minor

Status: invalid

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira Software: the preferred issue tracker for Bitbucket. Join the team!