OAuth 2.0 and OpenID Connect questions typically involve the client-side application and how to perform the integration.
Either they are trying to "roll their own" and get lost in the many details, or they have general implementation issues from an architecture point of view, such as Single Sign-On and use across multiple applications or microservices.
In a traditional application, Access Control and Authentication are done at the beginning of the session. There was a "user repository" that the application would call to obtain the Digital Identity information.
- Prompt Parameter: how to stop it.
- Determining if the user has an account
- Ignoring the prompt while the user is already logged in
- Is it possible to authenticate using OAuth without prompting the user when we have the user's credentials?
- OAuth flow when the user is already logged in to the OAuth Provider
- How to check if a visitor/user is already logged in on Google? (not on the app itself)
- Login with an OAuth service after the user is already logged in?
Most of these can be solved by:
- understanding that just because the user may be authenticated to some Social Identity Provider does not imply that the Resource Owner has authorized the OAuth Client Application to access the Resource Server.
- understanding how to use a Refresh Token to obtain a new Access Token.
- understanding how and when to use the Prompt Parameter values.
- understanding the Privacy Considerations of Identity Correlation when associating attributes from the Identity Provider (IDP) with the OAuth Client (Application).
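As an added example (not the wiki's own code) that ties the Prompt Parameter and Refresh Token points above together: the client sends prompt=none to learn whether the user already has a session at the OP and has already authorized this client, then reads the returned error code to decide whether a prompt=login or prompt=consent retry is needed. The endpoint, client and token values are assumed placeholders.

```python
# Added example: deciding what to do after an OpenID Connect prompt=none
# request, and forming a refresh_token grant. Endpoint and client values
# below are constructed placeholders, not from any real deployment.
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHZ_ENDPOINT = "https://idp.example/authorize"  # constructed placeholder

# Which prompt value to retry with for each prompt=none error (OIDC Core 3.1.2.6).
# None means "retry without prompt=none and let the OP interact as it needs".
RETRY_PROMPT = {
    "login_required": "login",              # no session at the OP: user must authenticate
    "consent_required": "consent",          # session exists, but no authorization granted
    "account_selection_required": "select_account",
    "interaction_required": None,
}

def build_authz_request(client_id, redirect_uri, scope, prompt=None, state=None):
    """Build an authorization request URL. prompt=none asks the OP to answer
    with no UI, so the client learns whether the user already has an OP session
    *and* has already authorized this client, without showing a login page."""
    state = state or secrets.token_urlsafe(16)  # binds the response to this request
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    if prompt is not None:
        params["prompt"] = prompt
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}", state

def handle_callback(callback_url, expected_state):
    """Interpret the OP's redirect back to the client. Returns (action, detail)."""
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if q.get("state") != expected_state:
        return "reject", "state mismatch: response not tied to our request"
    if "code" in q:
        return "exchange_code", q["code"]  # user is logged in AND has authorized us
    err = q.get("error", "missing error")
    if err in RETRY_PROMPT:
        return "retry", RETRY_PROMPT[err]  # logged-in at the OP is not the same as authorized
    return "reject", err

def refresh_request(refresh_token, scope=None):
    """Form body for the refresh_token grant (RFC 6749 section 6); client
    authentication (e.g. HTTP Basic) is sent separately by the token client."""
    body = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if scope:
        body["scope"] = scope  # may only narrow the originally granted scope
    return body
```

A refresh succeeds only while the grant itself is still valid, so a failed refresh should be handled like login_required: send the user through a fresh authorization request.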