- changed milestone to Final
-
assigned issue to
Messages 2.1.3 Description of interaction_required, login_required, session_selection_required and consent_required conflicts with prompt none specification
Prompt "none" specifies that the "Authorization Server MUST NOT display any authentication or consent user interface pages."
Section 2.1.3 however gives the requirement as "SHOULD NOT":
interaction_required
The Authorization Server requires End-User interaction of some form to proceed. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server SHOULD NOT display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface for End-User interaction.
login_required
The Authorization Server requires End-User authentication. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server SHOULD NOT display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface for user authentication.
session_selection_required
The End-User is REQUIRED to select a session at the Authorization Server. The End-User MAY be authenticated at the Authorization Server with different associated accounts, but the End-User did not select a session. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server SHOULD NOT display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface to prompt for a session to use.
consent_required
The Authorization Server requires End-User consent. This error MAY be returned when the prompt parameter in the Authorization Request is set to none to request that the Authorization Server SHOULD NOT display any user interfaces to the End-User, but the Authorization Request cannot be completed without displaying a user interface for End-User consent.
Comments (2)
-
-
- changed status to resolved
Fixed
#877- Specified that a user interface MUST NOT be displayed when "prompt":"none" is used→ <<cset 3f8ab24c8485>>
- Log in to comment
These "SHOULD NOT" phrases about prompt=none will be changed to "MUST NOT".