The request consent algorithm should return true if consent was given or false otherwise, and the value should be checked on step 6 of DiscoverFromExternalSource. Otherwise, if the selected account is null, the account state for (rp, null) is checked, which is undefined. An alternative would be to have the account state for (rp, null) defined to "unregistered" and add a note explaining it's ok to return null from request consent.
The
request consent
algorithm should returntrue
if consent was given orfalse
otherwise, and the value should be checked on step 6 of DiscoverFromExternalSource. Otherwise, if the selectedaccount
isnull
, theaccount state
for (rp, null) is checked, which is undefined. An alternative would be to have theaccount state
for (rp, null) defined to "unregistered" and add a note explaining it's ok to returnnull
fromrequest consent
.