Why: Silent launch must honor OIDC prompt/max_age and a per-client re-auth policy so a high-assurance tenant is never silently bypassed.
Done when:
- Modify
OAuth2Controller.authorize to add prompt + max_age params; add entity/OAuth2Client.java field + Flyway V83__oauth2_clients_reauth_policy.sql (reauth_policy VARCHAR(16) NOT NULL DEFAULT 'silent'; values silent|step_up|always; additive, consistent with the V82 cross_tenant precedent).
- Failing tests first: prompt=none + no usable session → RFC
login_required (not the widget action blob); prompt=login → never silent; reauth_policy=step_up → step-up-required signal; max_age exceeded → not silent; reauth_policy=silent within window → mints. Gate the mint branch through satisfiesPolicy().
NOTE: this plan's V83 number predates the shipped V83 (widen chk_enrollment_method) — pick the next free migration version at implementation time.
source: docs/SSO_APP_LAUNCHER_PHASE1_PLAN.md:72
Migrated from docs/SSO_APP_LAUNCHER_PHASE1_PLAN.md (git history retains the original).
Why: Silent launch must honor OIDC prompt/max_age and a per-client re-auth policy so a high-assurance tenant is never silently bypassed.
Done when:
OAuth2Controller.authorizeto addprompt+max_ageparams; addentity/OAuth2Client.javafield + FlywayV83__oauth2_clients_reauth_policy.sql(reauth_policy VARCHAR(16) NOT NULL DEFAULT 'silent'; values silent|step_up|always; additive, consistent with the V82 cross_tenant precedent).login_required(not the widget action blob); prompt=login → never silent; reauth_policy=step_up → step-up-required signal; max_age exceeded → not silent; reauth_policy=silent within window → mints. Gate the mint branch through satisfiesPolicy().NOTE: this plan's V83 number predates the shipped V83 (widen chk_enrollment_method) — pick the next free migration version at implementation time.
source: docs/SSO_APP_LAUNCHER_PHASE1_PLAN.md:72
Migrated from
docs/SSO_APP_LAUNCHER_PHASE1_PLAN.md(git history retains the original).