add prompt param to OIDC auth url creation (#3794)

2025-08-09 10:22:46 +03:00 · 2023-10-11 15:20:23 +13:00
parent c8f8fb587d
commit 1de6de05a1
2 changed files with 29 additions and 2 deletions
--- a/spec/unit/oidc/authorize.spec.ts
+++ b/spec/unit/oidc/authorize.spec.ts
@@ -134,6 +134,25 @@ describe("oidc authorization", () => {

            expect(authUrl.searchParams.get("code_challenge")).toBeTruthy();
        });
+
+        it("should generate url with create prompt", async () => {
+            const nonce = "abc123";
+
+            const metadata = delegatedAuthConfig.metadata;
+
+            const authUrl = new URL(
+                await generateOidcAuthorizationUrl({
+                    metadata,
+                    homeserverUrl: baseUrl,
+                    clientId,
+                    redirectUri: baseUrl,
+                    nonce,
+                    prompt: "create",
+                }),
+            );
+
+            expect(authUrl.searchParams.get("prompt")).toEqual("create");
+        });
    });

    describe("completeAuthorizationCodeGrant", () => {
--- a/src/oidc/authorize.ts
+++ b/src/oidc/authorize.ts
@@ -122,8 +122,13 @@ export const generateAuthorizationUrl = async (
 * @experimental
 * Generate a URL to attempt authorization with the OP
 * See https://openid.net/specs/openid-connect-basic-1_0.html#CodeRequest
- * @param oidcClientSettings - oidc configuration
- * @param homeserverName - used as state
+ * @param metadata - validated metadata from OP discovery
+ * @param clientId - this client's id as registered with the OP
+ * @param homeserverUrl - used to establish the session on return from the OP
+ * @param identityServerUrl - used to establish the session on return from the OP
+ * @param nonce - state
+ * @param prompt - indicates to the OP which flow the user should see - eg login or registration
+ *          See https://openid.net/specs/openid-connect-prompt-create-1_0.html#name-prompt-parameter
 * @returns a Promise with the url as a string
 */
 export const generateOidcAuthorizationUrl = async ({
@@ -133,6 +138,7 @@ export const generateOidcAuthorizationUrl = async ({
    homeserverUrl,
    identityServerUrl,
    nonce,
+    prompt,
 }: {
    clientId: string;
    metadata: ValidatedIssuerMetadata;
@@ -140,6 +146,7 @@ export const generateOidcAuthorizationUrl = async ({
    identityServerUrl?: string;
    redirectUri: string;
    nonce: string;
+    prompt?: string;
 }): Promise<string> => {
    const scope = await generateScope();
    const oidcClient = new OidcClient({
@@ -156,6 +163,7 @@ export const generateOidcAuthorizationUrl = async ({
    const request = await oidcClient.createSigninRequest({
        state: userState,
        nonce,
+        prompt,
    });

    return request.url;