We are currently integrating Okta with our IdentityServer for one of our clients. Our flow involves the user needing to simply enter the company’s domain to be redirected to Okta for username and password. I included prompt=login to always make the user enter their password, but the username field will not show if the user already has an active session. This is problematic as the company shares devices at patient’s homes. I found I could send a login_hint with a placeholder value, but then the user will need to delete the place holder before entering their username. The client didn’t want us to end the Okta sessions on the device when logging out of our App, but it seems we might not have a choice. I wanted to check here for any other options to get both password and username to show, before we went ahead with having to end the Okta sessions.
At this time, Okta only supports prompt=login as a way to prompt the user to authenticate, but as you saw, this will only prompt the user for their password, not to completely relogin again, in part because we only support a single user having a session in a given Okta org in a single browser (unlike some providers that support a select-account option for the prompt parameter)
Far as I can tell, the best/only approach to ensure that users are challenged for a full re-auth would likely be to end any existing Okta sessions before trying to log in the second user