KEYCLOAK-7437 Support for prompt=consent

This commit is contained in:
mposolda 2018-08-29 12:05:35 +02:00 committed by Marek Posolda
parent fc3b324913
commit 8ae19e5f78
2 changed files with 5 additions and 1 deletions

@ -23,6 +23,8 @@ enter the scope options `address phone`, then the request to {project_name} will
* prompt - {project_name} supports these settings: * prompt - {project_name} supports these settings:
** `login` - SSO will be ignored and the {project_name} login page will be always shown, even if the user is already authenticated ** `login` - SSO will be ignored and the {project_name} login page will be always shown, even if the user is already authenticated
** `consent` - Applicable only for the clients with `Consent Required`. If it is used, the Consent page will always be displayed,
even if the user previously granted consent to this client.
** `none` - The login page will never be shown; instead the user will be redirected to the application, with an error if the user ** `none` - The login page will never be shown; instead the user will be redirected to the application, with an error if the user
is not yet authenticated. This setting allows you to create a filter/interceptor on the application side and show a custom error page is not yet authenticated. This setting allows you to create a filter/interceptor on the application side and show a custom error page
to the user. See more details in the specification. to the user. See more details in the specification.
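Review bot: The new `consent` entry limits itself to clients with `Consent Required` but never says what the server does when `prompt=consent` arrives for a client without that setting. The neighbouring `none` entry spells out its failure behaviour (redirect to the application with an error), so this one should state its outcome too, whether the value is ignored or an error is returned. The wording could also be tightened, for example "Applicable only to clients with `Consent Required` enabled. When set, the consent page is always displayed, even if the user previously granted consent to this client." The phrase "If it is used" leaves it unclear whether "it" refers to the parameter value or the client setting.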

@ -317,7 +317,9 @@ Redirects to login form on (options is an optional object with redirectUri and/o
Options is an Object, where: Options is an Object, where:
* redirectUri - Specifies the uri to redirect to after login. * redirectUri - Specifies the uri to redirect to after login.
* prompt - By default the login screen is displayed if the user is not logged-in to {project_name}. To only authenticate to the application if the user is already logged-in and not display the login page if the user is not logged-in, set this option to `none`. To always require re-authentication and ignore SSO, set this option to `login` . * prompt - This parameter allows to slightly customize the login flow on the {project_name} server side.
For example enforce displaying the login screen in case of value `login`. See link:#_params_forwarding[Parameters Forwarding Section]
for the details and all the possible values of the `prompt` parameter.
* maxAge - Used just if user is already authenticated. Specifies maximum time since the authentication of user happened. If user is already authenticated for longer time than `maxAge`, the SSO is ignored and he will need to re-authenticate again. * maxAge - Used just if user is already authenticated. Specifies maximum time since the authentication of user happened. If user is already authenticated for longer time than `maxAge`, the SSO is ignored and he will need to re-authenticate again.
* loginHint - Used to pre-fill the username/email field on the login form. * loginHint - Used to pre-fill the username/email field on the login form.
* scope - Used to forward the scope parameter to the {project_name} login endpoint. Use a space-delimited list of scopes. Those typically * scope - Used to forward the scope parameter to the {project_name} login endpoint. Use a space-delimited list of scopes. Those typically
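Review bot: The rewritten `prompt` bullet drops the inline explanation of `none` and `login` and relies entirely on `link:#_params_forwarding[Parameters Forwarding Section]`, a fragment-only link whose target is not in this file's hunk. Since the commit touches two separate files, please confirm that both end up in the same rendered document so the anchor resolves. If they can be built separately, a cross-document reference is needed, or a one-line summary of `none` should stay here because it is the value most relevant to adapter users. The new text also reads awkwardly: "allows to slightly customize" and "For example enforce displaying the login screen in case of value `login`" could become "This parameter lets you adjust the login flow on the {project_name} server side. For example, the value `login` forces the login screen to be displayed."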