feat(jans-auth-server): authz challenge should not require client_id
and acr_values
if valid device_session
is provided
#6867
Labels
comp-jans-auth-server
Component affected by issue or PR
kind-feature
Issue or PR is a new feature request
Milestone
Description
We should not require
client_id
andacr_values
if validdevice_session
is provided.Motivation:
Upon referencing the First Party Native Oauth RFC, it appears that a subsequent authorization request necessitates only a prompt and the device session value, as illustrated in the attached screenshot. However, when I try to remove elements like "client_id" and "acr_values" from my Postman call, I encountered an error.
Test cases and code coverage
The text was updated successfully, but these errors were encountered: