Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
Description
The new /openid/v2 server silently permits authentication for any relying parties on a whitelist, for cases where services are considered part of the same system.
It would be good to also introduce the behaviour (present in the old server) of allowing users to confirm, for sites not on that list, that they want to authenticate. At it simplest, this would be a request for confirmation that did not persist.