
I'm creating an OIDC provider with oidc-provider. For now, my registration flow requires an email verification step, which is handled outside oidc-provider. This approach works, but it leads to an issue: the user cannot automatically log in after setting up their password.

I'm thinking of creating a new prompt policy named email-verification, something like:

https://<auth-endpoint>?client_id=...&prompt=email-verification

I wonder:

  1. Is this flow acceptable under the OpenID Connect specs?
  2. Is there any document, tutorial or example, in terms of specs or implementations, of this approach?
  3. The case where a user registers in the mobile app but opens the email link on the web (we have a mobile app with a different client_id and, of course, a different redirect_uri). How should we redirect the user to the app without an error?

Thanks,

Dat Nguyen
  • Hi, did you find a solution? I have a policy but it does not trigger. Is there a way to call a custom or policy check during interaction completion? – Rain May 12 '23 at 13:42
  • @Rain When looking at the code in `.../interaction_policy/prompt.js`, the rule for choosing a custom policy is in the code below:

    ```
    if (requestable) {
      checks.unshift(new Check(`${name}_prompt`, `${name} prompt was not resolved`, error, (ctx) => {
        const { oidc } = ctx;
        if (oidc.prompts.has(name) && oidc.promptPending(name)) {
          return true;
        }
        return false;
      }));
    }
    ```

    We see the login policy matches first, so it ignores the others. So you can try to change the order of the config `.interactions.policy` and add your custom policy first. – Dat Nguyen May 13 '23 at 14:31
  • Hi Dat Nguyen, thank you, I have resolved it by changing the order. Appreciate your help. – Rain May 16 '23 at 16:03

0 Answers
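The ordering effect discussed in the comments, as an added example that is not part of the original thread and is not oidc-provider's own code. It is a simplified model that assumes prompts are evaluated in array order and the first prompt with a firing check is selected; `resolveInteraction`, `makeCtx` and the `no_session` check are hypothetical names.

```javascript
// Simplified model (assumption): prompts are evaluated in array order and the
// first prompt with at least one firing check becomes the interaction.
class Check {
  constructor(reason, check) { this.reason = reason; this.check = check; }
}

class Prompt {
  constructor({ name, requestable = false }, ...checks) {
    this.name = name;
    this.checks = checks;
    if (requestable) {
      // Same condition as the `${name}_prompt` check quoted in the comment.
      this.checks.unshift(new Check(`${name}_prompt`,
        ({ oidc }) => oidc.prompts.has(name) && oidc.promptPending(name)));
    }
  }
}

// Hypothetical helper: returns the selected prompt, or null if none is needed.
function resolveInteraction(policy, ctx) {
  for (const prompt of policy) {
    const reasons = prompt.checks.filter((c) => c.check(ctx)).map((c) => c.reason);
    if (reasons.length > 0) return { prompt: prompt.name, reasons };
  }
  return null;
}

// Constructed request context: requested prompts, resolved prompts, session.
function makeCtx({ requested = [], resolved = [], accountId = null }) {
  return {
    session: { accountId },
    oidc: {
      prompts: new Set(requested),
      promptPending: (name) => requested.includes(name) && !resolved.includes(name),
    },
  };
}

const login = new Prompt({ name: 'login', requestable: true },
  new Check('no_session', (ctx) => !ctx.session.accountId));
const emailVerification = new Prompt({ name: 'email-verification', requestable: true });

// prompt=email-verification from a user who has no session yet (constructed).
const ctx = makeCtx({ requested: ['email-verification'] });
console.log(resolveInteraction([login, emailVerification], ctx)); // login wins
console.log(resolveInteraction([emailVerification, login], ctx)); // custom prompt wins
```

Once the custom prompt is marked resolved, the same model falls through to `login` for a user without a session, so placing the custom prompt first changes the order of the steps without skipping authentication.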