Auth0 Home Blog Docs

Implicit Grant silently logging in without prompt=none


#1

Hello, I’m using PKCE to log into a native application with the universal login https://app.auth0.com/authorize endpoint. My app is immediately redirected as logged in, even though no prompt is shown. I understand this is the expected behavior for silent login, but I am not passing the prompt=none query string in the request. Passing the string prompt=yes doesn’t fix the problem.

Interestingly, if make a new native application with the same PKCE code, this silent login goes away. I see no difference between the apps in the dashboard.

Thanks in advance,
Ben


#2

Additionally, per the OIDC speicification, setting prompt to the following values doesn’t change the bug:

  • login
  • consent
  • select_account

#3

I’ve abandoned the old application Client to avoid this bug.