-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ignore account hints when prompt=select_account #3315
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One question otherwise looks good!
The server mandates that sid/login_hint should be used only for |
AFAIK this was never present in 2.x. This PR only sends |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved. One thing: test cases to ignore sid for prompt!=none (if user provides it), please check that once.
Yes, it's there (test cases to use login_hint over sid if prompt != none covers this as login_hint has lower priority than sid) |
I don't think we are testing this use case: Only |
Gotcha, added! |
AAD throws an error when you pass both
prompt=select_account
and alogin_hint
orsid
as these are conflicting. This becomes problematic when someone wants to useprompt=select_account
to switch users and has previously used thesetActiveAccount
API in browser (we quietly pass down the active account if none is provided to the interactive API).This PR ignores account hints if
prompt=select_account
to prevent this error from happening unexpectedly.