Skip to content

Commit 0cf8f8e

Browse files
author
Roger Urscheler
committed
Add new oauth properties 'login_hint' and 'prompt' for implicit and authorization code
1 parent d6ed770 commit 0cf8f8e

File tree

1 file changed

+32
-0
lines changed

1 file changed

+32
-0
lines changed

oauth.html

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -116,6 +116,22 @@ <h5>Step 1: Application Requests Authorization Code</h5>
116116
<td>Any string</td>
117117
<td>Provides any state that might be useful to your application upon receipt of the response. The Circuit Server roundtrips this parameter, so your application receives the same value it sent. To mitigate against cross-site request forgery (CSRF), it is strongly recommended to include an anti-forgery token in the state, and confirm it in the response. This parameter is not required but strongly recommended for above mentioned security reasons.</td>
118118
</tr>
119+
<tr>
120+
<td><code>login_hint</code></td>
121+
<td>email</td>
122+
<td>Optional. If your application knows which user is trying to authenticate, it can use this parameter to provide a hint to the Circuit Authentication Server. The server uses the hint to simplify the login flow by prefilling the email field in the sign-in form.</td>
123+
</tr>
124+
<tr>
125+
<td><code>prompt</code></td>
126+
<td>comma delimited string</td>
127+
<td>Optional. A comma-delimited (no spaces), case-sensitive list of options for the oauth window.
128+
<ul>
129+
<li><code>disable_email</code>: Disable email field (only applicable if login_hint is provided)</li>
130+
<li><code>disable_switch</code>: Disable ability to switch the account from to Oauth popup</li>
131+
<li><code>disable_caching</code>: Hide the "private computer" checkbox.</li>
132+
</ul>
133+
</td>
134+
</tr>
119135
</tbody>
120136
</table>
121137

@@ -270,6 +286,22 @@ <h5>Step 1: Application Requests Authorization Code</h5>
270286
<td>Any string</td>
271287
<td>Provides any state that might be useful to your application upon receipt of the response. The Circuit Server roundtrips this parameter, so your application receives the same value it sent. To mitigate against cross-site request forgery (CSRF), it is strongly recommended to include an anti-forgery token in the state, and confirm it in the response.</td>
272288
</tr>
289+
<tr>
290+
<td><code>login_hint</code></td>
291+
<td>email</td>
292+
<td>Optional. If your application knows which user is trying to authenticate, it can use this parameter to provide a hint to the Circuit Authentication Server. The server uses the hint to simplify the login flow by prefilling the email field in the sign-in form.</td>
293+
</tr>
294+
<tr>
295+
<td><code>prompt</code></td>
296+
<td>comma delimited string</td>
297+
<td>Optional. A comma-delimited (no spaces), case-sensitive list of options for the oauth window.
298+
<ul>
299+
<li><code>disable_email</code>: Disable email field (only applicable if login_hint is provided)</li>
300+
<li><code>disable_switch</code>: Disable ability to switch the account from to Oauth popup</li>
301+
<li><code>disable_caching</code>: Hide the "private computer" checkbox.</li>
302+
</ul>
303+
</td>
304+
</tr>
273305
</tbody>
274306
</table>
275307

0 commit comments

Comments
 (0)