Hi! Was going to file an issue on github but the "...
# talk-kratos
l
Hi! Was going to file an issue on github but the "new bug" checklist bounced me here instead, so I'll ask here first. It appears that the Discord OIDC provider implementation doesn't play ball with the recently added
upstream-parameters.prompt
facility (https://github.com/ory/kratos/pull/3276). The issue is that provider_discord always overrides anything set in form params (https://github.com/ory/kratos/blob/master/selfservice/strategy/oidc/provider_discord.go#L58C79-L58C79), "prompt=none" for login and "prompt=consent" for refresh. In our use case I'd want "prompt=consent" under all circumstances to allow convenient account switching. This is also the default behaviour when no "prompt" query param is given to the Discord oauth2 endpoint. Apparently the defaulting to "prompt=none" was done as a separate change (https://github.com/ory/kratos/commit/a6672554b02378eb2dac7b1af99ea2915395867b). Looking at other OIDC provider implementations, it feels like populating (and overriding the upstream parameters) the prompt query param in the non-forced path is not the right thing to do.
At the very least it would make sense for this behaviour to be configurable.