==== Parameters Forwarding The {project_name} initial authorization endpoint request has support for various parameters. Most of the parameters are described in http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification]. Some parameters are added automatically by the adapter based on the adapter configuration. However, there are also a few parameters that can be added on a per-invocation basis. When you open the secured application URI, the particular parameter will be forwarded to the {project_name} authorization endpoint. For example, if you request an offline token, then you can open the secured application URI with the `scope` parameter like: [source] ---- http://myappserver/mysecuredapp?scope=offline_access ---- and the parameter `scope=offline_access` will be automatically forwarded to the {project_name} authorization endpoint. The supported parameters are: * scope * prompt - {project_name} supports these settings: ** `login` - SSO will be ignored and the {project_name} login page will be always shown, even if the user is already authenticated ** `none` - The login page will never be shown; instead the user will be redirected to the application, with an error if the user is not yet authenticated. This setting allows you to create a filter/interceptor on the application side and show a custom error page to the user. See more details in the specification. * max_age * login_hint * kc_idp_hint Most of the parameters are described in the http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification]. The only exception is parameter `kc_idp_hint`, which is specific to {project_name} and contains the name of the identity provider to automatically use. For more information see the `Identity Brokering` section in link:{adminguide_link}[{adminguide_name}]. WARNING: If you open the URL using the attached parameters, the adapter will not redirect you to {project_name} if you are already authenticated in the application. For example, opening $$http://myappserver/mysecuredapp?prompt=login$$ will not automatically redirect you to the {project_name} login page if you are already authenticated to the application `mysecredapp` . This behavior may be changed in the future.