Skip to content
This repository has been archived by the owner on Nov 9, 2024. It is now read-only.

Password can only be passed on initiation of flow, not as a later prompt #5

Open
PieterKas opened this issue Jan 25, 2023 · 0 comments
Open

Password can only be passed on initiation of flow, not as a later prompt #5

PieterKas opened this issue Jan 25, 2023 · 0 comments

Comments

@PieterKas
Copy link
Contributor

There is no option to present a password after the flow is initiated. Once the user has an MFA token, there is no way to prompt for a password. Some scenarios may need to prompt for a password after collecting say an OTP, or perhaps even and SMS code, depending on risk rules etc.

Options to consider:

  • drop “password” parameter from authorization-initiation endpoint.
  • add challenge_type=password in 3.4, add 7.2.6 and 7.3.6 for “persistent/traditional password challenge” and interaction.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@PieterKas