You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is common for our users to have multiple accounts in the social sign-in providers we use. Today (as far as I can tell) it is not possible to set the prompt parameter in the authentication requests. This means that in some situations, the users need to use different browsers or incognito mode to be able to sign in to our solution with the "correct" account.
Adding configuration for the social providers that support this prompt, so that it is set for all authentication requests.
Adding another parameter in the initialise login flow requests /self-service/login/* (similar to refresh=true), then if it is supported by the provider - the prompt is set for only these requests.
For our case, I would be fine with setting it statically in the provider config - but you might have some ideas whether this would make sense on a per-login flow basis. Not all providers support this parameter, but I guess making it clear in the docs that it is a best-effort kind of thing should be fine.
Workarounds or alternatives
An alternative is to force the user to re-authenticate using the refresh=true parameter in the initiate login flow requests. This would allow the user to select the account, but also reduces the value of SSO by the provider.
Version
0.9.0
Additional Context
No response
The text was updated successfully, but these errors were encountered:
Preflight checklist
Describe your problem
It is common for our users to have multiple accounts in the social sign-in providers we use. Today (as far as I can tell) it is not possible to set the
prompt
parameter in the authentication requests. This means that in some situations, the users need to use different browsers or incognito mode to be able to sign in to our solution with the "correct" account.Describe your ideal solution
We would like to be able to set
prompt=select_account
(as specified here: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) parameter in the authentication requests for either a specific login flow, or a specific provider.I see two ways of accomplishing this:
/self-service/login/*
(similar torefresh=true
), then if it is supported by the provider - the prompt is set for only these requests.For our case, I would be fine with setting it statically in the provider config - but you might have some ideas whether this would make sense on a per-login flow basis. Not all providers support this parameter, but I guess making it clear in the docs that it is a best-effort kind of thing should be fine.
Workarounds or alternatives
An alternative is to force the user to re-authenticate using the
refresh=true
parameter in the initiate login flow requests. This would allow the user to select the account, but also reduces the value of SSO by the provider.Version
0.9.0
Additional Context
No response
The text was updated successfully, but these errors were encountered: