Fix handling of prompt=login

app/controllers/api/openid_connect/authorizations_controller.rb

@@ -23,7 +23,7 @@ module Api
         auth = Api::OpenidConnect::Authorization.find_by_client_id_and_user(params[:client_id], current_user)
         reset_auth(auth)
         if logged_in_before?(params[:max_age])
-          reauthenticate
+          reauthenticate(params)
         elsif params[:prompt]
           prompt = params[:prompt].split(" ")
           handle_prompt(prompt, auth)
@@ -61,8 +61,6 @@ module Api
         if prompt.include? "select_account"
           handle_params_error("account_selection_required",
                               "There is no support for choosing among multiple accounts")
-        elsif prompt.include?("login") && logged_in_before?(60)
-          reauthenticate
         elsif prompt.include? "consent"
           request_authorization_consent_form
         else
@@ -70,11 +68,6 @@ module Api
         end
       end
 
-      def reauthenticate
-        sign_out current_user
-        redirect_to new_api_openid_connect_authorization_path(params)
-      end
-
       def handle_authorization_form(auth)
         if auth
           process_authorization_consent("true")
@@ -207,6 +200,9 @@ module Api
         prompt = params[:prompt]
         if prompt && prompt.include?("none")
           handle_prompt_none
+        elsif prompt && prompt.include?("login")
+          new_params = params.merge!(prompt: prompt.remove("login"))
+          reauthenticate(new_params)
         else
           authenticate_user!
         end
@@ -238,6 +234,11 @@ module Api
         end
       end
 
+      def reauthenticate(params)
+        sign_out current_user
+        redirect_to new_api_openid_connect_authorization_path(params)
+      end
+
       def render_error(error_description)
         @error_description = error_description
         render "api/openid_connect/error/error",