
I'd like to add that so many providers do not support either `prompt=select_account` or just natively ask the user which account to log in to, mainly for OIDC. Working with IAM systems at work and using different test accounts, it's frustrating when you can't easily log out of the destination IdP for, say, SSO.


It absolutely grinds my gears - Chrome's profile system and/or Firefox's container tab system work somewhat, but it feels like a band-aid fix.


Do you want select account, implying the site supports multiple accounts at a time, or just `prompt=login`?

We're still shaking out bugs and bad behaviors after adding multi-account on GitHub; I get why folks might not want to implement it.


My experience with `prompt=login` is also mixed. Okta's behavior does not indicate which account you're logging into (no username/email address), and only asks to re-input your password. They have a "Back to sign in" link button, but that loses all OAuth context and does not lead you back into the app you're attempting to OAuth into, unless you specifically override that button to hit Okta's logout endpoint with a redirect back to your OAuth authorize endpoint/session.

It's janky. And I would know because we had to implement that at work.
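
The logout-then-reauthorize workaround described in the last comment, sketched as an added example that is not part of the thread or any commenter's code. The endpoint URLs, client values and function names are assumed placeholders; the query parameters are the standard OIDC RP-Initiated Logout and OIDC Core ones. The original authorize parameters are kept server-side behind a single-use token, so the post-logout redirect cannot be pointed at an arbitrary URL.

```python
import secrets
from urllib.parse import urlencode

# Assumed placeholder values; none of these come from the thread.
AUTHORIZE_ENDPOINT = "https://idp.example.com/authorize"
END_SESSION_ENDPOINT = "https://idp.example.com/logout"
POST_LOGOUT_URI = "https://app.example.com/oidc/resume"  # must be registered at the IdP

_pending = {}  # resume token -> saved authorize parameters (stand-in for a session store)


def switch_account_url(authorize_params, id_token):
    """Build the URL for a 'use a different account' link.

    The original authorize parameters stay server-side; only an opaque,
    single-use token travels through the IdP as `state`.
    """
    token = secrets.token_urlsafe(32)
    _pending[token] = dict(authorize_params)
    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": POST_LOGOUT_URI,
        "state": token,
    })
    return f"{END_SESSION_ENDPOINT}?{query}"


def resume_authorize_url(state):
    """Handle the post-logout redirect: restart the saved authorize request.

    Returns (url, state, nonce); the caller stores the new state and nonce
    in the user's session so the eventual callback can be validated.
    """
    params = _pending.pop(state, None)  # pop makes the token single-use
    if params is None:
        raise ValueError("unknown or already used resume token")
    params.update({
        "prompt": "login",                   # force re-authentication at the IdP
        "state": secrets.token_urlsafe(32),  # fresh CSRF state for the new request
        "nonce": secrets.token_urlsafe(32),  # fresh nonce for the new ID token
    })
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", params["state"], params["nonce"]
```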



