Basic, Messages, Standard - Need for prompt:consent questionable
Issue #306
invalid
This one seems kinda laughable. Seriously… what RP would ever issue this one? Reauthentication I can easily understand but reapproval seems kinda bogus.
Comments (2)
-
reporter -
- changed status to invalid
It is needed:
e.g., when the privacy policy changed, some jurisdiction requires it from time to time.
- Log in to comment
This additional comment may apply to all uses of prompt, or may be specific to consent:
The RP is the one who should decide if they want to re-confirm a session ID or if they want to do a new login. If they want a new login then they should ask for one and its up to the authorization server to work with the user to make sure the right account is used. I think there is a fundamental conceptual problem here.