OIDC Relying Party Simulator (RP2)

REQUIRED. OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored.

Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent.

The defined values are:

none: the Authorization Server MUST NOT display any authentication or consent user interface pages.
login: the Authorization Server SHOULD prompt the End-User for reauthentication.
consent: the Authorization Server SHOULD prompt the End-User for consent before returning information to the Client.
select_account: the Authorization Server SHOULD prompt the End-User to select a user account.

The prompt parameter can be used by the Client to make sure that the End-User is still present for the current session or to bring attention to the request.

OPTIONAL. Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User.

OPTIONAL. Requested Authentication Context Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference.

Examples:

gckey: this will enable the direct pass through to GCKey (if client decides not to use the SIC Chooser page).
mfa: this will enable mfa using the default "mfa" passport provider which is the Sign In Canada branded client configured on the 2ndFaaS.

Redirection URI to which the response will be sent. This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider.

OPTIONAL. End-User's preferred languages and scripts for the user interface, represented as a space-separated list of language tag values, ordered by preference. For instance, the value "fr-CA fr en" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation).

When this option is selected, the ui_locales parameter of the request will be set to the current language chosen by the End-User.

OPTIONAL. String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token.

OPTIONAL. Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. It is RECOMMENDED that the hint value match the value used for discovery. This value MAY also be a phone number in the format specified for the phone_number Claim.