What kind of change does this PR introduce? (check at least one)
[x] Bugfix
[ ] Feature
[ ] Code style update
[ ] Refactor
[ ] Other, please describe:
[x] You consent that the copyright of your pull request source code belongs to Authlib's author.
OpenID Connect specification states the following about the prompt=login parameter:
The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required.
In the current implementation, if end_user is present, the login prompt is ignored and set to None. We should instead keep this prompt so the end-developer can force a re-authentication of the user.
What kind of change does this PR introduce? (check at least one)
OpenID Connect specification states the following about the
prompt=login
parameter:Ref: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
In the current implementation, if
end_user
is present, thelogin
prompt is ignored and set toNone
. We should instead keep this prompt so the end-developer can force a re-authentication of the user.