Overview
The prompt parameter in an OpenID Connect Authentication Request is an OPTIONAL space-delimited, case-sensitive list of ASCII string values that specifies whether the Authorization Server prompts the Resource Owner for re-authentication and consent. The defined values are:

- none - The Authorization Server MUST NOT display any authentication or consent user interface pages. An OAuth Error is returned if a Resource Owner (End-User) is not already authenticated, or the OAuth Client does not have pre-configured consent for the requested Claims, or does not fulfill other conditions for processing the Authorization Request. The OAuth Error will typically be login_required or interaction_required. This can be used as a method to check for existing authentication and/or consent.
- login - The Authorization Server SHOULD prompt the Resource Owner for re-authentication. If it cannot reauthenticate the End-User, it MUST return an OAuth Error, typically login_required.
- consent - The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typically consent_required.
- select_account - The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an OAuth Error, typically account_selection_required. The Account Chooser is the common interface.

The prompt parameter can be used by the Client to make sure that the End-User is still present for the current session or to bring attention to the request. If this parameter contains none with any other value, an error is returned.
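
The rules above, written out as an Authorization Server-side decision function. This is an added example, not code from the specification or from any particular server. The function name `decide`, the two session flags, the step ordering, the use of `invalid_request` for the none-plus-other-value error, and ignoring undefined values are assumptions of this example.

```python
DEFINED = {"none", "login", "consent", "select_account"}

def decide(raw_prompt, authenticated, has_consent):
    """Return (action, detail) for an Authentication Request.

    action is "error" (detail = error code), "ui" (detail = list of
    pages to show) or "issue" (no interaction needed).
    """
    # Space-delimited list; an absent parameter means no values.
    tokens = [t for t in (raw_prompt or "").split(" ") if t]

    # "none" combined with any other value is an error. The page does
    # not name the code; invalid_request is this example's assumption.
    if "none" in tokens and set(tokens) != {"none"}:
        return ("error", "invalid_request")

    # Case-sensitive match: "None" or "LOGIN" is not a defined value.
    # Ignoring undefined values is this example's assumption.
    values = set(tokens) & DEFINED

    if "none" in values:
        # No UI may be shown, so any missing condition becomes an error.
        if not authenticated:
            return ("error", "login_required")
        if not has_consent:
            return ("error", "interaction_required")
        return ("issue", [])

    steps = []
    if "select_account" in values:
        steps.append("select_account")
    if "login" in values or not authenticated:
        steps.append("login")  # re-authenticate even with a live session
    if "consent" in values or not has_consent:
        steps.append("consent")
    return ("ui", steps) if steps else ("issue", [])


if __name__ == "__main__":
    # Constructed sample requests: (prompt, authenticated, has_consent)
    for sample in [("none", False, True), ("login", True, True),
                   ("none consent", True, True), ("None", True, True)]:
        print(sample, "->", decide(*sample))
```
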