feature request: Support OIDC "select_account" prompt #6921

Open
2 of 4 tasks
michaelfried opened this issue Jan 4, 2025 · 3 comments
Labels
feature-request Something cool or not cool

Comments

@michaelfried

Describe the bug

I want to use Logto as an external IdP. I therefore created a "Third-Party App" application for generic OIDC in Logto.
I'm now integrating Logto into another auth provider (Zitadel in this case). When I now start the authorization flow, Logto returns the error "unsupported prompt value requested".

Auth request: https://logto.company.tld/oidc/auth?client_id=<clientId>&prompt=select_account&redirect_uri=https%3A%2F%2Fzitadel.company.tld%2Fui%2Flogin%2Flogin%2Fexternalidp%2Fcallback&response_type=code&scope=openid+profile+email&state=301172077472251908

Redirect: https://zitadel.company.tld/ui/login/login/externalidp/callback?error=invalid_request&error_description=unsupported+prompt+value+requested&state=301172077472251908&iss=https%3A%2F%2Flogto.company.tld%2Foidc

When I adapt the prompt in the auth requests to consent or login, it works; however, it doesn't with select_account or none.

I unfortunately didn't find any documentation or settings regarding this.

Expected behavior

Logto should be able to handle the select_account OIDC prompt.

How to reproduce?

Integrate a generic OIDC app created in Logto as an external IdP in a different auth provider.

Context

  • Logto Cloud
  • Self-hosted, Logto version = v1.23.0
    • Container (Docker image)
    • Raw Node.js
@michaelfried michaelfried added the bug Something isn't working label Jan 4, 2025
@michaelfried
Author

After having a look at the implementation, I've realised that this has not been implemented; therefore, it's probably more of a feature request than a bug. However, I do think the prompt options described in this blog should be supported.

switch (prompt.name) {
  case 'login': {
    return '/' + buildLoginPromptUrl(params, appId);
  }
  case 'consent': {
    return '/' + experience.routes.consent;
  }
  default: {
    throw new Error(`Prompt not supported: ${prompt.name}`);
  }
}

@wangsijie
Contributor

@charIeszhao can you check on this?

@charIeszhao
Member

The select account feature is not yet supported when using Logto as a third-party IdP.

The blog post, however, is just a tech article trying to explain how "Prompt" works in the OIDC 2.0 protocol to general readers.

We would turn this issue into a feature request, and you can also submit your request on our productlane: https://logto.productlane.com/roadmap

@charIeszhao charIeszhao added feature-request Something cool or not cool and removed bug Something isn't working labels Jan 8, 2025
@charIeszhao charIeszhao changed the title bug: OIDC "select_account" prompt not supported feature request: Support OIDC "select_account" prompt Jan 8, 2025
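
The check behind the error redirect in the opening post, written out as an added example (not Logto's own code). It validates the space-delimited `prompt` parameter against the values defined in OpenID Connect Core 1.0, section 3.1.2.1, and only redirects an error to a registered `redirect_uri`; `checkPrompt`, `errorRedirect`, `client.redirectUris` and `supported` are hypothetical names, and the sample request is constructed from the URLs in the issue.

```javascript
// Added example; not Logto source code.
// Prompt values defined in OpenID Connect Core 1.0, section 3.1.2.1.
const SPEC_PROMPTS = ['none', 'login', 'consent', 'select_account'];

// Build the error redirect, echoing `state` and adding `iss` as in the issue.
function errorRedirect(redirectUri, state, issuer, description) {
  const url = new URL(redirectUri);
  url.searchParams.set('error', 'invalid_request');
  url.searchParams.set('error_description', description);
  if (state !== null) url.searchParams.set('state', state);
  url.searchParams.set('iss', issuer);
  return url.toString();
}

// Validate `prompt` on an authorization request.
// `client.redirectUris` and `supported` are hypothetical configuration inputs.
function checkPrompt(authUrl, issuer, client, supported) {
  const q = new URL(authUrl).searchParams;
  const redirectUri = q.get('redirect_uri');
  // Never send an error to an unregistered redirect_uri (open redirect).
  if (!client.redirectUris.includes(redirectUri)) {
    return { ok: false, redirect: null };
  }
  const fail = (description) => ({
    ok: false,
    redirect: errorRedirect(redirectUri, q.get('state'), issuer, description),
  });
  // `prompt` is a space-delimited list; URLSearchParams decodes "+" to " ".
  const prompts = (q.get('prompt') || '').split(' ').filter(Boolean);
  if (prompts.some((p) => !SPEC_PROMPTS.includes(p) || !supported.includes(p))) {
    return fail('unsupported prompt value requested');
  }
  // The spec makes `none` an error when combined with any other value.
  if (prompts.includes('none') && prompts.length > 1) {
    return fail('prompt none must be used alone'); // wording constructed here
  }
  return { ok: true, prompts };
}

// Constructed request mirroring the one in the issue (client_id is a placeholder).
const SAMPLE_REQUEST = 'https://logto.company.tld/oidc/auth?client_id=CLIENT_ID' +
  '&prompt=select_account&redirect_uri=https%3A%2F%2Fzitadel.company.tld%2Fui%2Flogin%2Flogin%2Fexternalidp%2Fcallback' +
  '&response_type=code&scope=openid+profile+email&state=301172077472251908';
const SAMPLE_CLIENT = {
  redirectUris: ['https://zitadel.company.tld/ui/login/login/externalidp/callback'],
};
const ISSUER = 'https://logto.company.tld/oidc';
```

Calling `checkPrompt(SAMPLE_REQUEST, ISSUER, SAMPLE_CLIENT, ['login', 'consent'])` yields the same redirect URL the issue reports.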