Implicit Grant silently logging in without prompt=none

Ben_Smith · July 5, 2018, 5:10pm

Hello, I’m using PKCE to log into a native application with the universal login https://app.auth0.com/authorize endpoint. My app is immediately redirected as logged in, even though no prompt is shown. I understand this is the expected behavior for silent login, but I am not passing the prompt=none query string in the request. Passing the string prompt=yes doesn’t fix the problem.

Interestingly, if make a new native application with the same PKCE code, this silent login goes away. I see no difference between the apps in the dashboard.

Thanks in advance,
Ben

Ben_Smith · July 5, 2018, 5:44pm

Additionally, per the OIDC speicification, setting prompt to the following values doesn’t change the bug:

login
consent
select_account

Ben_Smith · July 6, 2018, 9:03pm

I’ve abandoned the old application Client to avoid this bug.

Topic		Replies	Views
/authorize's "prompt" parameter not documented Help	3	7008	April 17, 2020
Authorization Code Flow with Prompt Setting Not Redirecting Properly Help classic-universal-login-experience , login-experience	0	814	May 4, 2023
Login=prompt not working? Help	2	3034	August 26, 2019
Authorization Code not coming back Help authorization	8	4040	September 18, 2020
Auth0: How to enable silent authentication in Hosted Login Page? Help auth0 , auth0-lock , hosted-login-page , silent-authenticatio , single-sign-on	1	4206	March 2, 2018

Implicit Grant silently logging in without prompt=none

Related topics