lemon-lock-30282
08/30/2023, 5:55 AMupstream-parameters.prompt
facility (https://github.com/ory/kratos/pull/3276). The issue is that provider_discord always overrides anything set in form params (https://github.com/ory/kratos/blob/master/selfservice/strategy/oidc/provider_discord.go#L58C79-L58C79), "prompt=none" for login and "prompt=consent" for refresh.
In our use case I'd want "prompt=consent" under all circumstances to allow convenient account switching. This is also the default behaviour when no "prompt" query param is given to the Discord oauth2 endpoint. Apparently the defaulting to "prompt=none" was done as a separate change (https://github.com/ory/kratos/commit/a6672554b02378eb2dac7b1af99ea2915395867b).
Looking at other OIDC provider implementations, it feels like populating (and overriding the upstream parameters) the prompt query param in the non-forced path is not the right thing to do.lemon-lock-30282
08/30/2023, 5:57 AM