问题
I'm using the system browser for authentication. Identity Provider - Google
Steps
1 - user gets authorized by entering user name and password. I get the authentication_code at this point.
2 - I call the token end point and get access token, id token and refresh token.
When the ID token expires, I need to get a new valid ID token. I need to do this without prompting the user to enter a his credentials.
Question - Is it possible to get a new id token without prompting the user? Refresh token does not always return an ID token and its not a guaranteed behavior according to the open id specification
Tried Solution
Calling the authorization end point with "prompt=none,login_hint=username". This still redirects to the browser and comes back to the app.
Responses with an error
AuthorizationException: {"type":1,"code":1008,"error":"interaction_required"}
回答1:
prompt=none is the way to go; when you receive interaction_required it means that the session at the Provider expired and the user needs to login again; there's no way around that since you really need to authenticate the user again to prevent abuse. If the SSO session was still valid - which it should be for a short period of time - you would have received your new id_token.
来源:https://stackoverflow.com/questions/45096255/open-id-connect-for-native-applications-i-need-get-a-valid-id-token-without-pro