Authentication without User Interaction
It is possible to request authentication for a specific user by providing a previously issued id_token. To do so, add two key/value pairs to the query string of the request (chapter 4).
Required Parameters
id_token_hint
Must contain the JWT that represents a previously issued id_token.
&id_token_hint=<jwt_token>
prompt
Must have the value none.
&prompt=none
Request Example
{login-producao}/authorize?response_type=code&scope=openid profile&client_id=exampleclient&redirect_uri=https://example.com.br/callback&id_token_hint=qbcd.1234.xyz&prompt=none
Behavior
Success Case
If the user referenced by the authentication request has an active session, authentication will occur automatically. The user will be redirected to the redirect_uri with the authorization code, without requiring interaction.
Failure Case
If the user does not have an active session, has an expired session, or the active session does not belong to the referenced user, the user_agent (user's browser) will be redirected to the redirect URI provided in the authentication request, with informative parameters regarding the observed error.
Specific Error
If you use id_token_hint without setting prompt=none, you will receive the following error:
error: "invalid_request"
error_description: "The use of the id_token_hint property requires the prompt value to be set as 'none'."
Use Cases
This functionality is useful for:
- Checking if the user still has an active session
- Renewing tokens without requesting login again
- Implementing "remember me" or persistent sessions
- Improving user experience by avoiding repeated logins
Implementation Example
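function checkActiveSession(previousIdToken) {
  // Percent-encode each value so the space in scope and the URL in redirect_uri survive the query string
  const scope = encodeURIComponent('openid profile');
  const redirectUri = encodeURIComponent('https://example.com.br/callback');
  const hint = encodeURIComponent(previousIdToken);
  const authUrl = `{login-producao}/authorize?response_type=code&scope=${scope}&client_id=exampleclient&redirect_uri=${redirectUri}&id_token_hint=${hint}&prompt=none`;
  window.location.href = authUrl;
}
In the callback, you should check if you received a code (success) or an error (inactive session).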
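The callback check described above, as an added example that is not part of the original documentation. The function name handleSilentAuthCallback, the use of the standard OAuth 2.0 state parameter, and the sample callback URLs are assumptions made for illustration; the only error code taken from this page is invalid_request.

```javascript
// Added example: classify the redirect that follows a prompt=none request.
// handleSilentAuthCallback is a hypothetical helper, not part of the provider's SDK.
// Assumption: the request carried a `state` value and the provider echoes it back.
function handleSilentAuthCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  const code = params.get('code');
  const error = params.get('error');

  // Reject responses that do not belong to the request this client started.
  if (expectedState !== undefined && params.get('state') !== expectedState) {
    return { outcome: 'rejected', reason: 'state mismatch' };
  }
  // A response carrying both values, or neither, is malformed: do not use the code.
  if ((code && error) || (!code && !error)) {
    return { outcome: 'rejected', reason: 'malformed callback' };
  }
  if (code) {
    // Active session for the hinted user: exchange the code on the server side.
    return { outcome: 'session_active', code };
  }
  if (error === 'invalid_request') {
    // On this page: returned when id_token_hint is sent without prompt=none.
    // This is an integration bug, not a session state, so do not redirect
    // the user to login in a loop; surface it to the developer instead.
    return {
      outcome: 'client_error',
      error,
      description: params.get('error_description') || '',
    };
  }
  // Any other error means no usable session: fall back to interactive login.
  return { outcome: 'login_required', error };
}
```

Only the session_active outcome should lead to a token exchange; login_required is the point at which the application starts a normal interactive authorization request.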
