From 9e3d1471d1d9190db49c0170457f4b8cec66781e Mon Sep 17 00:00:00 2001
From: YuriyZ
Date: Fri, 1 Dec 2023 13:25:09 +0200
Subject: [PATCH] fix(oxauth): re-authentication doesn't happen for authz request with the higher "level" acr #1879 (master)
---
 .../oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
index 7e87eedaa..b4b3abc63 100644
--- a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
+++ b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
@@ -390,6 +390,7 @@ private Response requestAuthorization(
 }
 }
+ log.trace("User: {}, prompts: {}", user, prompts);
 if (user == null) {
 identity.logout();
 if (prompts.contains(Prompt.NONE)) {
@@ -522,7 +523,7 @@ private Response requestAuthorization(
 sessionId = null;
 prompts.remove(Prompt.LOGIN);
- if (sessionUnauthenticated) {
+ if (sessionUnauthenticated || identity.getSessionId().getState() == SessionIdState.UNAUTHENTICATED) {
 return redirectToAuthorizationPage(redirectUriResponse.getRedirectUri(), responseTypes, scope, clientId, redirectUri, state, responseMode, nonce, display, prompts, maxAge, uiLocales, idTokenHint, loginHint, acrValues, amrValues, request, requestUri, originHeaders,
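Review bot: The added `log.trace` call in the first hunk passes the whole `user` object to the logger, so whatever its `toString()` renders is written to the trace log on every authorization request. The class is not visible here, so it is worth confirming that no profile attributes or credential-related fields end up in the log. An identifier is enough for this diagnostic, for example `log.trace("User: {}, prompts: {}", user != null ? user.getUserId() : null, prompts);`. The body of requestAuthorization starts and ends outside the hunk.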
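Review bot: The new condition in the second hunk dereferences `identity.getSessionId()` without a null check, right after the local `sessionId` has been set to null. If identity carries no session at this point (not visible in the hunk), the endpoint would throw a NullPointerException instead of redirecting to the authorization page. Because this branch is what forces re-authentication for a higher acr, a null-safe form is safer: `SessionId current = identity.getSessionId();` followed by `if (sessionUnauthenticated || (current != null && current.getState() == SessionIdState.UNAUTHENTICATED)) {`. A one-line comment explaining why both the flag and the live session state are checked would help, and since the commit touches one file only, a regression test for the step-up case appears to be missing. The body of requestAuthorization continues outside the hunk.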