feat(oxauth): allow authentication for max_age=0 #1714

Closed
@yuriyz

Description

Describe the issue

Setting max_age parameter with 0 value in an authorization request doesn't allow the user to log in at all. After the postlogin call the user is redirected back to the login page.

In addition we can introduce disableAuthnForMaxAgeZero with default value false. If true - authn will be disabled.

max_age
OPTIONAL. Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. (The max_age request parameter corresponds to the OpenID 2.0 PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used, the ID Token returned MUST include an auth_time Claim Value.

Expected behavior

Setting max_age parameter with 0 value in an authorization request enables the user to log in.

Actual behavior

Setting max_age parameter with 0 value in an authorization request doesn't allow the user to log in at all. After the postlogin call the user is redirected back to the login page.

Support: 10742
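
An added example, not oxAuth code and not part of the original issue: the max_age rule quoted above, evaluated once literally on every pass and once with the fresh login bound to the authorization request that triggered it. The page does not state the root cause of the loop; the re-check after login, the `Session` fields and the request ids are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    auth_time: int                          # epoch seconds of last active login
    login_request_id: Optional[str] = None  # hypothetical: request that caused it


def naive_needs_login(session: Optional[Session], max_age: Optional[int],
                      now: int) -> bool:
    """Literal max_age check, re-run on every pass through the endpoint."""
    if session is None:
        return True
    if max_age is None:
        return False
    # With max_age=0 this is true as soon as one second has passed since
    # login, so the pass that follows the login form asks for login again.
    return now - session.auth_time > max_age


def needs_login(session: Optional[Session], max_age: Optional[int],
                now: int, request_id: str) -> bool:
    """Same rule, but a login performed for this request satisfies it."""
    if session is None:
        return True
    if max_age is None:
        return False
    # request_id must be server-side state tied to the authorization request.
    # If the client could choose it, max_age could be bypassed entirely.
    if session.login_request_id == request_id:
        return False
    return now - session.auth_time > max_age


def simulate_max_age_zero() -> dict:
    """Constructed flow: user logs in for req-1, returns 2 seconds later."""
    t0 = 1_700_000_000  # constructed timestamp
    fresh = Session(auth_time=t0, login_request_id="req-1")
    return {
        "naive_after_login": naive_needs_login(fresh, 0, t0 + 2),
        "bound_after_login": needs_login(fresh, 0, t0 + 2, "req-1"),
        "bound_next_request": needs_login(fresh, 0, t0 + 2, "req-2"),
    }


if __name__ == "__main__":
    print(simulate_max_age_zero())
```

A later authorization request with max_age=0 still forces a new login, so the parameter keeps its re-authentication guarantee, and auth_time in the ID Token reflects the fresh login.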

Labels: enhancement (libs update, refactoring, etc.)