Under section 5.2.2.1. “Redirect to Web Error Response” the spec mentions:

> In this case, the client is expected to initiate a new OAuth
> Authorization Code flow with PKCE according to [RFC6749] and
> [RFC7636].
>
> If the client expects the frequency of this error response to be
> high, the client MAY include a PKCE ([RFC7636]) code_challenge in the
> initial authorization challenge request. This enables the
> authorization server to essentially treat the authorization challenge
> request as a PAR [RFC9126] request, and return the request_uri and
> expires_in as defined by [RFC9126] in the error response. The client
> then uses the request_uri value to build an authorization request as
> defined in [RFC9126] Section 4.
I think it would be good to add some text to the spec mentioning the possibility to use the auth_session in this new authorization request such that the user can continue the login from where the user left off. Something similar is mentioned in section 6.1. for step-up authentication.