The first time a user logs in to Okta they must type in their username and password. If they attempt to login again then they are automatically returned to the application because they have a session cookie set in the browser.
I can change this behaviour by adding the OIDC parameter prompt=login. When I put this then the user is presented with a “verify password” form.
Is there any way to have this “verify password” form force the user to retype their username as well? And if you’re wondering why, that’s because “that’s what the client wants”.
Hi @philbarr
The only possibility at the moment to achieve this use-case is by closing the session in Okta through a front-end request as mentioned here and then redirect the user to the authorization endpoint. In this way, he will be prompted to authenticate before getting authorized and generating the credentials.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.