Hi there,
I want to implement a soft “force reauthentication” to allow a user to reauthenticate even if they are already authenticated. Basically, the user should be allowed to log in with a different account if he wants to.
I found documentation on how to make a similar solution secure, but can’t find anything on how to actually implement the prelogin screen to show the user a text “Hi Josh. Not you? Click here.”, see here: Force Reauthentication in OIDC.
I already added prompt=login to the call to the authorize endpoint, so users will see the login page every time authorisation is requested.
From what I understand I need to do the following:
- Before the login page is displayed, check whether the user is already authenticated or not
- If the user is authenticated, show a different login page with the text “Hi Josh. Not you? Click here”
- Redirect the user to the login page or back to the application, depending on what the user clicks.
I have no idea how to do #1 and #2, so any help is appreciated.
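
One way the three steps listed in the post could be wired up on the application side, as an added example that is not part of the original post and not any provider's own code. The `idp.example.com` and `app.example.com` URLs, the client id, the session shape and all function names are hypothetical; the last function assumes the provider returns the optional OIDC `auth_time` claim in the ID token.

```javascript
// Added example. The URLs, client id and session shape are placeholders/assumptions.
const AUTHORIZE_URL = "https://idp.example.com/authorize";
const CLIENT_ID = "example-client-id";
const REDIRECT_URI = "https://app.example.com/callback";

const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) =>
  ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));

// Authorization request with prompt=login, as the post already sends it.
function buildAuthorizeUrl(state, nonce) {
  const url = new URL(AUTHORIZE_URL);
  const params = { response_type: "code", client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    scope: "openid profile", state, nonce, prompt: "login" };
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  return url.toString();
}

// Only same-site paths are accepted as the "back to the application" target.
function safeReturnPath(returnTo) {
  return typeof returnTo === "string" && /^\/(?![\/\\])/.test(returnTo) ? returnTo : "/";
}

// Steps 1-3 of the list: session.claims is assumed to hold the claims of an
// ID token the application has already validated (hypothetical session shape).
function preLogin(session, { state, nonce, returnTo }) {
  const loginUrl = buildAuthorizeUrl(state, nonce);
  if (!session || !session.claims || !session.claims.sub) {
    return { action: "redirect", location: loginUrl };      // not authenticated
  }
  const name = escapeHtml(session.claims.name || session.claims.sub);
  const html =
    `<p>Hi ${name}. Not you? <a href="${escapeHtml(loginUrl)}">Click here</a>.</p>` +
    `<p><a href="${escapeHtml(safeReturnPath(returnTo))}">Continue</a></p>`;
  return { action: "render", html };                          // authenticated
}

// After the callback: accept the switch only if the new ID token's auth_time
// (seconds since epoch, an optional OIDC claim) is not older than the request.
function isFreshLogin(claims, requestedAtSeconds) {
  return Number.isInteger(claims.auth_time) && claims.auth_time >= requestedAtSeconds;
}
```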