fix(oxauth): re-authentication doesn't happen for authz request with …

…the higher "level" acr #1879 (master)
GluuFederation · Dec 1, 2023 · 9e3d147 · 9e3d147
1 parent d15735f
commit 9e3d147
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
@@ -390,6 +390,7 @@ private Response requestAuthorization(
                 }
             }
 
+            log.trace("User: {}, prompts: {}", user, prompts);
             if (user == null) {
                 identity.logout();
                 if (prompts.contains(Prompt.NONE)) {
@@ -522,7 +523,7 @@ private Response requestAuthorization(
                 sessionId = null;
                 prompts.remove(Prompt.LOGIN);
 
-                if (sessionUnauthenticated) {
+                if (sessionUnauthenticated || identity.getSessionId().getState() == SessionIdState.UNAUTHENTICATED) {
                     return redirectToAuthorizationPage(redirectUriResponse.getRedirectUri(), responseTypes, scope, clientId,
                             redirectUri, state, responseMode, nonce, display, prompts, maxAge, uiLocales,
                             idTokenHint, loginHint, acrValues, amrValues, request, requestUri, originHeaders,