When client calls oauth2 /authorize endpoint, django login is always presented

juanifioren / django-oidc-provider

OpenID Connect and OAuth2 provider implementation for Djangonauts.

http://django-oidc-provider.readthedocs.org

MIT License

423 stars 238 forks source link

When client calls oauth2 /authorize endpoint, django login is always presented #420

Closed fritzfs closed 5 months ago

fritzfs commented 5 months ago

When client calls oauth2 /authorize endpoint, django login is always presented even if I am logged in another tab. Do I need to pass some special argument on this endpoint to use existing django session if it exists? Thanks! PS, I am not using prompt=login in query param.

mkalioby commented 5 months ago

I don't get your point, Django sessions in general lives between different tabs as the cookies are sent to domain.

fritzfs commented 5 months ago

Sorry, my mistake. I did testing over auth0.com and their "try connection" injects prompt=login so which causes users to log out and force login for each /authorize call.