RSS Feed/News OAuth2 - No way to force re-authentication

Status
Not open for further replies.

ENXF NET

Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
Joined
Nov 13, 2018
Messages
32,362
Points
823

Reputation:

This is gray on a feature ask vs bug, but hoping I can sneak it into the bug fix bucket as a potential security improvement.

Ask: Support prompt=login (and ideally max_age=0) at the OAuth2 authorization endpoint (e.g. /oauth2/authorize endpoint) so relying parties can force re-authentication

TLDR: Apps that use XenForo as an OAuth2 provider currently have no way to force a fresh login. If a user "logs out" of the app and tries to sign back in, they get silently...

Read more

Continue reading...
 
Status
Not open for further replies.
Top