Add support for "prompt=select_account" when using social sign-in #2709
Labels
feat
New feature or request.
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Preflight checklist
Describe your problem
It is common for our users to have multiple accounts in the social sign-in providers we use. Today (as far as I can tell) it is not possible to set the
promptparameter in the authentication requests. This means that in some situations, the users need to use different browsers or incognito mode to be able to sign in to our solution with the "correct" account.Describe your ideal solution
We would like to be able to set
prompt=select_account(as specified here: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) parameter in the authentication requests for either a specific login flow, or a specific provider.I see two ways of accomplishing this:
/self-service/login/*(similar torefresh=true), then if it is supported by the provider - the prompt is set for only these requests.For our case, I would be fine with setting it statically in the provider config - but you might have some ideas whether this would make sense on a per-login flow basis. Not all providers support this parameter, but I guess making it clear in the docs that it is a best-effort kind of thing should be fine.
Workarounds or alternatives
An alternative is to force the user to re-authenticate using the
refresh=trueparameter in the initiate login flow requests. This would allow the user to select the account, but also reduces the value of SSO by the provider.Version
0.9.0
Additional Context
No response
The text was updated successfully, but these errors were encountered: