For users that are already authenticated in identity, /oauth/authorize will always return a code for the currently logged-in identity user. I'm working on a scenario (heroku/dashboard-v6#2213) where we'd want to allow users to log in to other accounts without completely logging out of identity.
OpenID Connect supports use of a prompt parameter here. When that parameter is login, the user is always prompted for credentials. I know we're not implementing connect, but this seemed like a reasonable and idiomatic solution.
So, with this PR, client apps can add prompt=login to the authorize request, which will force an email/password prompt.
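
Added example, not code from this PR or from identity: a sketch of the server-side decision for an authorize request carrying prompt=login, including the case where the user has just re-entered credentials and must not be prompted a second time. The session shape, the `request_started_at` timestamp and the `:issue_code` / `:prompt_credentials` symbols are assumptions made for illustration.

```ruby
require "uri"

# Split the space-delimited prompt parameter out of an authorize query string.
# "+" and "%20" both decode to a space, so "prompt=login+consent" yields two values.
def prompt_values(query)
  params = URI.decode_www_form(query).to_h
  params.fetch("prompt", "").split(" ")
end

# Decide what /oauth/authorize should do (hypothetical helper).
#   session            - nil, or { user:, authenticated_at: } (assumed shape)
#   request_started_at - when this authorize request first reached the server,
#                        kept server-side alongside the pending request (assumed)
def authorize_decision(query, session, request_started_at)
  # No logged-in user: credentials are needed regardless of prompt.
  return :prompt_credentials if session.nil? || session[:user].nil?

  # Default behaviour described in the PR: reuse the existing session.
  return :issue_code unless prompt_values(query).include?("login")

  # prompt=login: the existing session counts only if the credentials were
  # entered after this request began, i.e. in answer to the forced prompt.
  # Without this check the user would be prompted in an endless loop, and a
  # check based on a client-supplied flag could be skipped by the client.
  authenticated_at = session[:authenticated_at]
  fresh = !authenticated_at.nil? && authenticated_at >= request_started_at
  fresh ? :issue_code : :prompt_credentials
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data, not taken from a real request.
  started = Time.at(1_000)
  stale   = { user: "first@example.com",  authenticated_at: Time.at(900) }
  renewed = { user: "second@example.com", authenticated_at: Time.at(1_005) }
  base    = "response_type=code&client_id=constructed-client"

  puts authorize_decision(base, stale, started)
  puts authorize_decision("#{base}&prompt=login", stale, started)
  puts authorize_decision("#{base}&prompt=login", renewed, started)
end
```
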