OAuth2Prompt uses ConstantsTrait
Enumeration of standard OpenID Connect `prompt` parameter values.
Values used with the OAuth2Parameter::PROMPT parameter to control whether the authorization server prompts the End-User for re-authentication or consent.
Multiple values may be combined as a space-separated list, with the exception of self::NONE which MUST appear alone.
Example:
$params[ OAuth2Parameter::PROMPT ] = OAuth2Prompt::CONSENT ;
References:
- OIDC Core 1.0 §3.1.2.1
- OpenID Connect Initiating User Registration via OpenID Connect 1.0 (
create)
Tags
Table of Contents
Constants
- CONSENT : string = 'consent'
- `consent` — The authorization server SHOULD prompt the End-User for consent before returning information to the client.
- CREATE : string = 'create'
- `create` — The authorization server SHOULD direct the End-User to a sign-up flow rather than a sign-in flow.
- LOGIN : string = 'login'
- `login` — The authorization server SHOULD prompt the End-User for re-authentication, even if an active session exists.
- NONE : string = 'none'
- `none` — The authorization server MUST NOT display any authentication or consent user interface pages. If the End-User is not already authenticated or has not pre-configured consent, an error such as {@see OAuth2Error::LOGIN_REQUIRED} or {@see OAuth2Error::CONSENT_REQUIRED} is returned.
- SELECT_ACCOUNT : string = 'select_account'
- `select_account` — The authorization server SHOULD prompt the End-User to select a user account, enabling them to choose between multiple sessions.
Constants
CONSENT
`consent` — The authorization server SHOULD prompt the End-User for consent before returning information to the client.
public
string
CONSENT
= 'consent'
Required by some providers in conjunction with offline_access
to issue a refresh token.
CREATE
`create` — The authorization server SHOULD direct the End-User to a sign-up flow rather than a sign-in flow.
public
string
CREATE
= 'create'
Defined by "OpenID Connect Initiating User Registration via OpenID Connect 1.0".
LOGIN
`login` — The authorization server SHOULD prompt the End-User for re-authentication, even if an active session exists.
public
string
LOGIN
= 'login'
NONE
`none` — The authorization server MUST NOT display any authentication or consent user interface pages. If the End-User is not already authenticated or has not pre-configured consent, an error such as {@see OAuth2Error::LOGIN_REQUIRED} or {@see OAuth2Error::CONSENT_REQUIRED} is returned.
public
string
NONE
= 'none'
MUST be used as the sole value when present.
SELECT_ACCOUNT
`select_account` — The authorization server SHOULD prompt the End-User to select a user account, enabling them to choose between multiple sessions.
public
string
SELECT_ACCOUNT
= 'select_account'