jamamp | 1 year ago

I'd like to add that so many providers do not support either `prompt=select_account` or just natively ask the user which account to log in to, mainly for OIDC. Working with IAM systems at work and using different test accounts, it's frustrating when you can't easily log out of the destination IdP for, say, SSO.

datenyan|1 year ago

It absolutely grinds my gears - Chrome's profile system and / or Firefox's container tab system work somewhat, but it feels like a bandaid fix.

hirsin|1 year ago

Do you want select account, implying the site supports multiple accounts at a time, or just prompt=login?

We're still shaking out bugs and bad behaviors after adding multi-account on GitHub; I get why folks might not want to implement it.

jamamp|1 year ago

My experience with `prompt=login` is also mixed. Okta's behavior does not indicate which account you're logging into (no username/email address), and only asks to re-input your password. They have a "Back to sign in" link button, but that loses all OAuth context and does not lead you back into the app you're attempting to OAuth into, unless you specifically override that button to hit Okta's logout endpoint with a redirect back to your OAuth authorize endpoint/session.

It's janky. And I would know because we had to implement that at work.