Force re-authentication with prompt=login or max_age=0 : does not work

According to the doc: Securing Applications and Services Guide

it might be possible to force a user re-authentication
but I was not able to make it work

For that I used the Keycloak test app (Test application - Keycloak) with Firefox and tried to replay requests with additional parameters

But always the answer was

==> How to make it work?

You need to have prompt=login in the first authenticate request. If you’ve set up a standard OIDC public client, it will be a GET request to a URL like:

http(s)://{host}/auth/realms/{realm}/protocol/openid-connect/auth?

with parameters like:

  • client_id
  • redirect_uri
  • state
  • response_mode
  • response_type
  • scope
  • nonce
  • prompt (optional)
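As an added illustration of the answer above (not code from the original thread or from Keycloak), the following builds the initial authorization request with `prompt=login` (or `max_age=0`) already on it, and checks whether a given request URL forces re-authentication; the host, realm, client id and redirect URI are placeholder values:

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values; replace with your own Keycloak host, realm and client.
KEYCLOAK_BASE = "https://keycloak.example.test"
REALM = "myrealm"
CLIENT_ID = "test-app"
REDIRECT_URI = "https://app.example.test/callback"


def build_auth_url(base=KEYCLOAK_BASE, realm=REALM, client_id=CLIENT_ID,
                   redirect_uri=REDIRECT_URI, force_login=True, max_age=None,
                   state=None, nonce=None):
    """Return the first OIDC authorization request URL for a public client.

    prompt=login (and optionally max_age=0) must be on THIS initial request;
    adding it to later requests in the flow has no effect.
    """
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "response_mode": "query",
        "scope": "openid",
        # Fresh random values per request: state binds the response to this
        # browser session, nonce binds the ID token to this request.
        "state": state or secrets.token_urlsafe(16),
        "nonce": nonce or secrets.token_urlsafe(16),
    }
    if force_login:
        params["prompt"] = "login"
    if max_age is not None:
        params["max_age"] = str(max_age)
    path = f"/auth/realms/{realm}/protocol/openid-connect/auth"
    return f"{base}{path}?{urlencode(params)}"


def forces_reauth(url):
    """True if the request asks the IdP to re-authenticate the user.

    prompt is a space-separated list in OIDC (e.g. "login consent"), so the
    value is split before checking for "login".
    """
    q = parse_qs(urlparse(url).query)
    prompts = q.get("prompt", [""])[0].split()
    return "login" in prompts or q.get("max_age", [None])[0] == "0"
```

Compare the URL returned by `build_auth_url()` with the first request your browser sends; if `prompt=login` is not on that request, Keycloak will simply reuse the existing SSO session.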