[Task] Confirm the account you want to use when login to a new OAuth client.

[taorepoara]

What should be done

Propose to save many accounts to let the user select the account he want's to use for the current login request.

Technical recommandation

Check if Hydra can manage it.

Is this task linked with any other ?

Can fix this issue lenra-io/backoffice#131

[shiipou]

It seems that OIDC allow to add prompt=select_user to the auth url.

Example :

https://auth.lenra.io/oauth2/auth?client_id=a6ea3163-4c22-4dbb-8316-2766ef9dbb14&redirect_uri=https%3A%2F%2Foauthdebugger.com%2Fdebug&scope=app%3Awebsocket&response_type=code&response_mode=form_post&state=2de5rggpxxh&nonce=9861h6x8nue&prompt=select_user

But in that case, Hydra return me this error :

error=invalid_request
error_description=The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Used unknown value '[select_account]' for prompt parameter&state=2de5rggpxxh

I seen in a github thread a way to handle it in a hacky way.

They explain in the thread that they need to refactor a lot of hydra code to implement it. Maybe it will came some day. Maybe not.

The hacky solution is to implement client-side session management and store multiple session tokens for each user account. You can then use these tokens to manage the accounts and allow the user to switch between them.

[taorepoara]

I seen this Hydra discussion: ory/hydra#3119

We can manage the login cookies on the identity provider instead of Hydra so we can manage many accounts. @shiipou you should look at this solution.