Hi Adam,

I think this parameter makes sense for OAuth. It could be defined as an extension to the core spec.

Regards,
Torsten.

Lewis Adam-CAL022 <[email protected]> wrote:

>Hi,
>
>OpenID Connect defines a parameter for the Authorization Request that I
>really like a lot, the prompt parameter which can force the AS to
>re-challenge the user for primary authentication.
>
>This would be a nice feature to have for OAuth too.
>
>I have some high assurance use cases where my resource servers will
>require a certain "freshness" of the access token. The RS will only
>accept an AT within a certain lifetime (say for example 1hr). If a
>client presents an AT to the RS that was minted over 1hr ago, the RS
>(via its RESTful API) will return an error message indicating such to
>the client. Further, the RS requires explicit re-authentication of the
>end user (by the AS) to obtain a new token.
>
>However, if the UA still has an active session with the AS, the AS will
>not know to re-prompt for primary auth.
>
>Hence having a PROMPT parameter in OAuth would be ideal.
>
>Obviously, the train has left the station in terms of the core draft.
>But I'm wondering if anybody else has come across such use cases
>before?
>
>
>Tx
>adam
>
>------------------------------------------------------------------------
>
>_______________________________________________
>OAuth mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/oauth
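The flow discussed in this thread, sketched as an added example that is not part of the original messages: the RS rejects an AT older than the freshness window, the client sends a new Authorization Request, and the AS re-challenges only when `prompt=login` is present despite an active session. The function names, the `stale_token` error label, and the endpoint, client and redirect values are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlparse, parse_qs

MAX_TOKEN_AGE = 3600  # seconds; the 1hr freshness window used in the post


def rs_check_freshness(issued_at, now, max_age=MAX_TOKEN_AGE):
    """Resource server: accept the AT only if it was minted within max_age."""
    age = now - issued_at
    if age < 0 or age > max_age:
        # Future-dated or too old. "stale_token" is a hypothetical error
        # label for this sketch, not a registered OAuth error code.
        return 401, "stale_token"
    return 200, None


def build_authorization_request(endpoint, client_id, redirect_uri, state,
                                force_login=False):
    """Client: build the Authorization Request, optionally asking for re-auth."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if force_login:
        params["prompt"] = "login"  # OpenID Connect value for re-authentication
    return endpoint + "?" + urlencode(params)


def as_must_reauthenticate(request_url, has_active_session):
    """AS: challenge for primary auth if there is no session or prompt=login."""
    query = parse_qs(urlparse(request_url).query)
    prompts = query.get("prompt", [""])[0].split()  # space-delimited list
    return (not has_active_session) or "login" in prompts


if __name__ == "__main__":
    # Constructed sample values: a token minted at t=0, presented at t=3601.
    print(rs_check_freshness(issued_at=0, now=3601))
    for force in (False, True):
        url = build_authorization_request(
            "https://as.example/authorize", "client-123",
            "https://client.example/cb", "xyz", force_login=force)
        print(force, as_must_reauthenticate(url, has_active_session=True))
```

With an active session and no `prompt` parameter the AS decision is False, which is the gap the thread describes: the client gets a new token without the user being re-authenticated.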
