I'm creating an OIDC provider with oidc-provider. For now, my Registration flow required email verification step, which is handler outside oidc-provider. This approach works but it leads to an issue that user can not automatically login after setting up their password.
I thinking of creating a new prompt policy name email-verification, something like:
https://<auth-endpoint>?client_id=...&prompt=email-verification
I wonder:
- Is this flow acceptable with OpenID Connect specs?
- Is there any document, tutorial or example in terms of specs or implementations of this approach?
- The case user register in mobile app, but open email link in web (we have a mobile app with different
client_idand of course, differentredirect_uri. What should we redirect user to the app without error.
Thanks,