Configure pre login page for passwordless

Hi there,

I want to implement a soft “force re-authentication” to allow a user to reauthenticate even if he is already authenticated. Basically, the user should be allowed to log in with a different account if he wants to.

I found documentation on how to make a similar solution secure, but can’t find anything on how to actually implement the pre-login screen to show the user the text “Hi Josh. Not you? Click here.” (see here: Force Reauthentication in OIDC).

I already added prompt=login to the call to the authorize endpoint, so users will see the login page every time authorisation is requested.
From what I understand, I need to do the following:

  1. Before the login page is displayed, check whether the user is already authenticated or not
  2. If the user is authenticated, show a different login page with the text “Hi Josh. Not you? Click here”
  3. Redirect the user to the login page or back to the application, depending on what the user clicks.

I have no idea how to do #1 and #2, so any help is appreciated.

There is a similar question here: Decision making for MFA frequency per organization, but unfortunately no answer.
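
An application-side sketch of the three steps listed in the post, added here as an example; it is not part of the original post and not the identity provider's own code. The issuer, client ID, redirect URI, `/authorize` path, session shape and the presence of an `auth_time` claim in an already signature-validated ID token are assumptions.

```javascript
// Added example: pre-login decision and re-authentication check in the application.
// All constants below are constructed placeholders, not values from the post.
const ISSUER = "https://idp.example.com";
const CLIENT_ID = "constructed-client-id";
const REDIRECT_URI = "https://app.example.com/callback";

// Steps 1 and 2: pick the pre-login screen from the application's own session.
// The returned text must be HTML-escaped when it is rendered.
function preLoginView(session) {
  if (session && session.claims && session.claims.sub) {
    const name = session.claims.name || "there";
    return { view: "confirm", text: `Hi ${name}. Not you? Click here.` };
  }
  return { view: "login" };
}

// Step 3: "continue" returns to the application; anything else sends the
// browser to the authorize endpoint with prompt=login to force a fresh login.
function nextRedirect(choice, state, nonce) {
  if (choice === "continue") return "/";
  const q = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: "openid profile",
    prompt: "login",
    state,
    nonce,
  });
  return `${ISSUER}/authorize?${q}`;
}

// Callback check: prompt=login travels through the browser and can be removed
// from the URL, so the account switch is accepted only when auth_time shows
// the login happened at or after the moment it was requested.
function reauthenticated(claims, requestedAtSec, skewSec = 30) {
  return Number.isInteger(claims.auth_time) &&
    claims.auth_time >= requestedAtSec - skewSec;
}
```

Store `requestedAtSec` server-side together with `state` when the redirect is issued, and compare it against the ID token returned on the callback.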