Does Keycloak support prompt=select_account option in OIDC 1.0?

Hi

Based on OIDC 1.0 specification:

prompt=select_account
The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, typically account_selection_required.

When I try to pass this parameter to the login URL, nothing happens and the browser just gets redirected to the client app with a token of the previously logged-in account.
So I tried prompt=login and entered credentials of another user, but then I got the following error in the browser:

We are sorry…

You are already authenticated as different user ‘[first user email address]’ in this session. Please log out first.

As far as I can see in the Keycloak source code, the value of select_account is accepted for the prompt parameter, but it’s never used in the code.

So I was wondering if multiple accounts and being able to choose between them are supported by Keycloak at all?

Environment:
Keycloak 11.0.2 and compatible WildFly adapter on the client side.

Regards

Ehsan

4 Likes
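
Added example, not part of the original post and not Keycloak's code: a relying-party sketch in Python that builds an authorization request carrying prompt=select_account and classifies the redirect that comes back, including the account_selection_required error from the specification text quoted above. The endpoint URL, client ID and redirect URI are constructed placeholders, and the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# "prompt" values defined by OpenID Connect Core 1.0
PROMPT_VALUES = {"none", "login", "consent", "select_account"}
# Errors the OP returns when it cannot satisfy the requested prompt
PROMPT_ERRORS = {"interaction_required", "login_required",
                 "account_selection_required", "consent_required"}

# Constructed placeholders (assumptions, not values from the thread)
AUTH_ENDPOINT = "https://keycloak.example/auth/realms/demo/protocol/openid-connect/auth"
CLIENT_ID = "demo-app"
REDIRECT_URI = "https://app.example/callback"


def build_auth_url(prompt="select_account"):
    """Return (url, state, nonce) for an authorization code request."""
    values = prompt.split()
    if not values or not set(values) <= PROMPT_VALUES:
        raise ValueError("unknown prompt value")
    if "none" in values and len(values) > 1:
        raise ValueError("prompt=none cannot be combined with other values")
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code", "scope": "openid", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "state": state, "nonce": nonce,
        "prompt": " ".join(values),
    })
    return f"{AUTH_ENDPOINT}?{query}", state, nonce


def handle_callback(callback_url, expected_state):
    """Classify the redirect sent back to the client as (kind, detail)."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # Bind the response to this browser session before trusting anything in it
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        return ("rejected", "state mismatch")
    if "error" in params:
        kind = "prompt_not_satisfied" if params["error"] in PROMPT_ERRORS else "error"
        return (kind, params["error"])
    if "code" in params:
        return ("code", params["code"])
    return ("rejected", "no code or error")


if __name__ == "__main__":
    url, state, _ = build_auth_url()
    print(url)
    print(handle_callback(f"{REDIRECT_URI}?error=account_selection_required&state={state}", state))
```

A returned code does not show that an account chooser was displayed; the post above reports Keycloak 11.0.2 redirecting straight back with a token of the previously logged-in account.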

Did you find any solution?

Facing this issue too. Did anyone find a solution?

The workaround is described here: "Google login - add prompt=select_account option" (Issue #16750, keycloak/keycloak, GitHub).

From what I understood, your workaround fixes a different issue. The issue at hand is about Keycloak itself being passed prompt=select_account, while your issue was that select_account wasn’t sent with the IDP login request to Google.