diff --git a/app/controllers/api/openid_connect/authorizations_controller.rb b/app/controllers/api/openid_connect/authorizations_controller.rb
index a088d73e2..7acddcfaf 100644
--- a/app/controllers/api/openid_connect/authorizations_controller.rb
+++ b/app/controllers/api/openid_connect/authorizations_controller.rb
@@ -23,7 +23,7 @@ module Api
 auth = Api::OpenidConnect::Authorization.find_by_client_id_and_user(params[:client_id], current_user)
 reset_auth(auth)
 if logged_in_before?(params[:max_age])
- reauthenticate
+ reauthenticate(params)
 elsif params[:prompt]
 prompt = params[:prompt].split(" ")
 handle_prompt(prompt, auth)
@@ -61,8 +61,6 @@ module Api
 if prompt.include? "select_account"
 handle_params_error("account_selection_required",
 "There is no support for choosing among multiple accounts")
- elsif prompt.include?("login") && logged_in_before?(60)
- reauthenticate
 elsif prompt.include? "consent"
 request_authorization_consent_form
 else
@@ -70,11 +68,6 @@ module Api
 end
 end
 
- def reauthenticate
- sign_out current_user
- redirect_to new_api_openid_connect_authorization_path(params)
- end
-
 def handle_authorization_form(auth)
 if auth
 process_authorization_consent("true")
@@ -207,6 +200,9 @@ module Api
 prompt = params[:prompt]
 if prompt && prompt.include?("none")
 handle_prompt_none
+ elsif prompt && prompt.include?("login")
+ new_params = params.merge!(prompt: prompt.remove("login"))
+ reauthenticate(new_params)
 else
 authenticate_user!
 end
@@ -238,6 +234,11 @@ module Api
 end
 end
 
+ def reauthenticate(params)
+ sign_out current_user
+ redirect_to new_api_openid_connect_authorization_path(params)
+ end
+
 def render_error(error_description)
 @error_description = error_description
 render "api/openid_connect/error/error",
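Review bot: The added `elsif prompt && prompt.include?("login")` branch in the `-207,6 +200,9` hunk matches `login` as a substring of the raw parameter, not as a space-delimited prompt value, and `prompt.remove("login")` strips it the same way. A value that only contains those characters therefore signs the user out and is rewritten. The branch also assumes `params[:prompt]` is a String; an array-valued parameter would pass `include?` and then fail on `remove`. Tokenising first matches how the first hunk passes the value to `handle_prompt` (`params[:prompt].split(" ")`): `values = prompt.to_s.split`, then `elsif values.include?("login")` and `new_params = params.merge(prompt: (values - ["login"]).join(" "))`. The non-bang `merge` also avoids mutating the request's `params` in place; the enclosing method starts outside the hunk, so where `values` is assigned needs checking.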
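Review bot: In the `-238,6 +234,11` hunk, `reauthenticate(params)` names its argument after the controller's own `params` method and passes the whole request parameter set to `new_api_openid_connect_authorization_path`. Every query key the client sent is therefore reflected into the redirect target. Renaming the argument and forwarding only the authorization-request fields would make both points explicit, e.g. `def reauthenticate(auth_params)` and `redirect_to new_api_openid_connect_authorization_path(auth_params.slice(:client_id, :redirect_uri, :response_type, :scope, :state, :nonce, :prompt, :max_age))`. That key list is the standard OIDC set and should be checked against what this endpoint accepts. A one-line comment above `sign_out current_user` noting that it now runs for any request carrying `prompt=login` (the removed branch also required `logged_in_before?(60)`) would help a reader judge the cross-site logout implications.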