search

DuendeSoftware / IdentityServer

The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core
https://duendesoftware.com/products/identityserver
Other
1.45k stars 337 forks source link

PAR - support processed params in authorize endpoint #1566

Closed josephdecock closed 3 months ago

josephdecock commented 4 months ago

Fixes #1562, which is a bug where the prompt (or max_age=0) parameter could not be used with PAR because we weren't respecting the processed flag.

josephdecock commented 4 months ago

This is "on top of" #1565 because max age=0 has the same issue as prompt=login. We should merge 1565 first.

josephdecock commented 4 months ago

This is an alternative to https://github.com/DuendeSoftware/IdentityServer/pull/1563, and I think we should do this one because 1563 would have been a breaking change even for unaffected users. The approach was also pretty questionable/hacky.