Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

ParameterDescriptionExample
response_mode

Informs the OpenID Provider of the mechanism to be used for returning parameters from the endpoint.

See the value of the "response_modes_supported" key in the openid-configuration for available values.

response_mode=query
nonceString value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token.nonce=abefb10d2b1b
display

Specifies how the OpenID Provider displays the authentication and consent user interface pages to the end-user.

NOTE: This parameter will have limited support and only be defined per service/domain/customer.

display=page
prompt

Specifies whether the OpenID Provider prompts the end-user for reauthentication and consent. This parameter may be useful for services running in an SSO scenario and authentication should be forced. The value may be a space separated list.

Available values are:

  • none : Do not display any authentication or consent user interface pages
  • login : Prompt the End-User for reauthentication
  • consent : Prompt the end-user for consent before returning information to the client
  • select_account : Prompt the End-User to select a user account
prompt=login consent
max_ageNot currently in use.
ui_locales

A space-separated list of the end-user's preferred language and scripts tag values, ordered by preference.

The tags should be according to Tags for Identifying Languages.

ui_locales=nb-NO en-US
id_token_hintID Token previously issued by the OpenID Provider being passed as a hint about the end-user's current or past authenticated session with the client.id_token_hint=<ID Token JWT>
login_hint

Hint to the OpenID Provider about the login identifier the end-user might use to log in (if necessary). The hit may f.ex. be the users phonenumber, email or Buypass ID.


login_hint=someuserid
acr_values

Space-separated string that specifies the acr values that the OpenID Provider is being requested to use for processing this authentication request.

In short: this value describes the clients requirements (represented as an agreed value) for the level of assurance/authentication it requires. The values can f.ex. be values like 1,2 or 3 or something like the eIDAS assurance levels: low, substantial and high.

NOTE: This parameter will have limited support and only be defined per service/domain/customer.

Se also Authentication methods and levels

acr_values=1 2
amr_values

Space-separated string that specifies the amr values that the OpenID Provider should use when selecting authentication methods.

In short this value enables dynamic control of the authentication methods to be used in this session. The values can f.ex. be values like "sc", "mobile" etc. The values are defined as part of the Security Domain. See https://tools.ietf.org/html/rfc8176 for standardised values.

NOTE: This parameter will have limited support and only be defined per service/domain/customer.

Se also Authentication methods and levels

amr_values=sc, mobile

...