OIDC Prompt Parameter

The prompt parameter is an optional OpenID Connect (OIDC) parameter that controls which authentication screen users see first when redirected to the authorization endpoint.

Supported Values

AuthAction supports two prompt values:

Value	Description
login	Show the login (sign-in) form first. For existing users.
signup	Show the signup (registration) form first. For new users.

These values are advertised in the OpenID Connect Discovery document via prompt_values_supported at /.well-known/openid-configuration.

Usage

Add the prompt query parameter to your authorization URL when redirecting users to /oauth2/authorize:

Show signup first (for registration flows):

GET /oauth2/authorize?
  response_type=code&
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_REDIRECT_URI&
  scope=openid%20email%20profile&
  code_challenge=YOUR_CODE_CHALLENGE&
  code_challenge_method=S256&
  prompt=signup

Show login first (for sign-in flows):

GET /oauth2/authorize?
  response_type=code&
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_REDIRECT_URI&
  scope=openid%20email%20profile&
  code_challenge=YOUR_CODE_CHALLENGE&
  code_challenge_method=S256&
  prompt=login

Behavior

• prompt=signup: The user is redirected to the signup identifier page. Use this when your app’s primary action is registration (e.g. “Create account”).

• prompt=login: The user is redirected to the login identifier page. Use this when your app’s primary action is sign-in (e.g. “Log in”).

• No prompt: AuthAction uses the current view or defaults based on context. Existing sessions may be reused when prompt is not login.

Validation

If you pass an invalid value (anything other than login or signup), AuthAction returns an error with the message:

prompt must be one of: login, signup

The invalid prompt is included in the error redirect so your app can correct or remove it.

Related Parameters

• ui_locales: Hint for preferred UI language (e.g. en, de). AuthAction persists this as the locale for the authorization flow.