oidcc-prompt-none-logged-in test should accept login_required response

Issue #2024 open
Jim Basney created an issue

Our Authorization Server requires End-User authentication for every request, so it responds to prompt=none requests with the login_required error code. The specification states, “This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User authentication.”

However, the oidcc-prompt-none-logged-in, oidcc-max-age-10000, and oidcc-id-token-hint tests fail when we return the login_required error code, so we are unable to proceed with oidcc-basic-certification-test-plan.

I request that these test cases be modified to accept a login_required response so we can proceed with certification for our implementation.
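Added example, not part of the issue and not the conformance suite's code: a sketch of how a Relying Party using the code flow could classify the response to a prompt=none request, treating login_required as a cue to retry with an interactive request. The function name, callback URLs and state values are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Error codes OpenID Connect Core defines for requests that cannot be
# completed without a user interface; login_required is the one quoted above.
INTERACTION_ERRORS = {"login_required", "interaction_required",
                      "consent_required", "account_selection_required"}

def classify_prompt_none_response(redirect_url, expected_state):
    """Return ("code", value), ("needs_interaction", error) or ("reject", reason)."""
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    # A repeated parameter is ambiguous, so treat the response as malformed.
    if any(len(values) != 1 for values in params.values()):
        return ("reject", "duplicate parameter")
    p = {name: values[0] for name, values in params.items()}
    # Verify state first: error responses must be bound to our request too.
    state = p.get("state", "")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return ("reject", "state mismatch")
    if "error" in p and "code" in p:
        return ("reject", "both code and error present")
    if "error" in p:
        if p["error"] in INTERACTION_ERRORS:
            # Not a failure: the OP needs the End-User, so retry without prompt=none.
            return ("needs_interaction", p["error"])
        return ("reject", "error: " + p["error"])
    if p.get("code"):
        return ("code", p["code"])
    return ("reject", "neither code nor error")

# Constructed sample responses (hypothetical RP callback and values).
SAMPLES = [
    "https://rp.example/cb?error=login_required&state=s-123",
    "https://rp.example/cb?code=abc&state=s-123",
    "https://rp.example/cb?error=login_required&state=other",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", classify_prompt_none_response(url, "s-123"))
```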

Comments (2)

  1. Michael Jones
    • changed status to open

    Why does your implementation require End-User authentication for every request?

    I'll note that this issue is actually about Certification. It would effectively remove the tests that require working support for prompt=none from the certification requirements.

  2. Jim Basney reporter

    It’s simpler to require End-User authentication for every request. Simpler code has fewer bugs. We want a “simple identity layer on top of the OAuth 2.0 protocol” without the complexity of End-User session management.
