Basic, Messages, Standard - Need for prompt:select_account questionable

Issue #307 resolved
Michael Jones created an issue

I’m guessing the scenario is that the user could have multiple accounts they have used with the RP and the RP wants to make sure the user picks the account they want to use. But since this scenario is always possible how can it ever be right NOT to send this value? In which case I would say we should get rid of this value and just have a security consideration that points out the issue.

Comments (5)

  1. John Bradley

    I clarified the description of select_account.

    It is required in circumstances where the user may be logged in to the IdP with account A and wants to use Account B.

    Using an immediate flow, the user may be automatically logged into the RP with the wrong account.

    When presented with the "you are logged in as X" dialog, the user may be presented with a "change user" button that, when redirected back to the Authorization Server, requires an account selection dialog even if the user has elected to permanently trust logins to that RP on the main account.
