KEYCLOAK-7437 Support for prompt=consent
This commit is contained in:
parent
fc3b324913
commit
8ae19e5f78
2 changed files with 5 additions and 1 deletions
|
@ -23,6 +23,8 @@ enter the scope options `address phone`, then the request to {project_name} will
|
||||||
|
|
||||||
* prompt - {project_name} supports these settings:
|
* prompt - {project_name} supports these settings:
|
||||||
** `login` - SSO will be ignored and the {project_name} login page will be always shown, even if the user is already authenticated
|
** `login` - SSO will be ignored and the {project_name} login page will be always shown, even if the user is already authenticated
|
||||||
|
** `consent` - Applicable only for the clients with `Consent Required`. If it is used, the Consent page will always be displayed,
|
||||||
|
even if the user previously granted consent to this client.
|
||||||
** `none` - The login page will never be shown; instead the user will be redirected to the application, with an error if the user
|
** `none` - The login page will never be shown; instead the user will be redirected to the application, with an error if the user
|
||||||
is not yet authenticated. This setting allows you to create a filter/interceptor on the application side and show a custom error page
|
is not yet authenticated. This setting allows you to create a filter/interceptor on the application side and show a custom error page
|
||||||
to the user. See more details in the specification.
|
to the user. See more details in the specification.
|
||||||
|
|
|
@ -317,7 +317,9 @@ Redirects to login form on (options is an optional object with redirectUri and/o
|
||||||
Options is an Object, where:
|
Options is an Object, where:
|
||||||
|
|
||||||
* redirectUri - Specifies the uri to redirect to after login.
|
* redirectUri - Specifies the uri to redirect to after login.
|
||||||
* prompt - By default the login screen is displayed if the user is not logged-in to {project_name}. To only authenticate to the application if the user is already logged-in and not display the login page if the user is not logged-in, set this option to `none`. To always require re-authentication and ignore SSO, set this option to `login` .
|
* prompt - This parameter allows to slightly customize the login flow on the {project_name} server side.
|
||||||
|
For example enforce displaying the login screen in case of value `login`. See link:#_params_forwarding[Parameters Forwarding Section]
|
||||||
|
for the details and all the possible values of the `prompt` parameter.
|
||||||
* maxAge - Used just if user is already authenticated. Specifies maximum time since the authentication of user happened. If user is already authenticated for longer time than `maxAge`, the SSO is ignored and he will need to re-authenticate again.
|
* maxAge - Used just if user is already authenticated. Specifies maximum time since the authentication of user happened. If user is already authenticated for longer time than `maxAge`, the SSO is ignored and he will need to re-authenticate again.
|
||||||
* loginHint - Used to pre-fill the username/email field on the login form.
|
* loginHint - Used to pre-fill the username/email field on the login form.
|
||||||
* scope - Used to forward the scope parameter to the {project_name} login endpoint. Use a space-delimited list of scopes. Those typically
|
* scope - Used to forward the scope parameter to the {project_name} login endpoint. Use a space-delimited list of scopes. Those typically
|
||||||
|
|
Loading…
Reference in a new issue