Forum Discussion

G_Harvey's avatar
G_Harvey
Icon for Nimbostratus rankNimbostratus
Dec 16, 2020

OpenID Prompt support

I am trying to get our Android application to authenticate with an F5 backend using OpenID. I found that when we send an authorization request with the prompt field set to login, the F5 server does NOT prompt the user to enter their credentials. Is this supported by F5 and if so, is there instructions that I can send to our customer. Thank you in advance for any help.

 

For more information:

From https://openid.net/specs/openid-connect-core-1_0.html:

 

prompt
OPTIONAL. Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are:
none
The Authorization Server MUST NOT display any authentication or consent user interface pages. An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent for the requested Claims or does not fulfill other conditions for processing the request. The error code will typically be login_required,interaction_required, or another code defined in Section 3.1.2.6. This can be used as a method to check for existing authentication and/or consent.
login
The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required.
consent
The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typically consent_required.
select_account
The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, typically account_selection_required.

 

No RepliesBe the first to reply