Feature: Prevent automatic password prompt when passing
login_hint to Universal Login with biometrics enabled
Description: We have New Universal Login enabled with the Identifier First + Biometrics authentication profile selected. When
login_hint is used to populate the user’s email address, they are automatically forwarded to the route
u/login/password. This makes it show the password input field immediately, regardless of whether the user has biometrics configured. It would be better if this redirect did not happen at all, leaving the user at the
u/user/identifier route so that when they click Continue, they are presented with the Biometric authentication prompt if they have biometrics configured, OR the password input if they don’t.
In other words, the
login_hint parameter should not affect the screen the user lands on when opening the new universal login page. It still achieves its purpose of autofilling the username without disrupting other auth flows. Instead, perhaps the
prompt parameter could be expanded to allow us to control which page the user lands on, such as ‘password’ or ‘biometrics’.