support standard prompt query parameter

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@icynet/oauth2-provider",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "OAuth2.0 Provider for Icy Network",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

src/controller/authorization.ts

@@ -5,6 +5,7 @@ import {
   UnauthorizedClient,
   InvalidScope,
   AccessDenied,
+  InteractionRequired,
 } from '../model/error';
 import { OAuth2User } from '../model/model';
 import { data as dataResponse } from '../utils/response';
@@ -137,22 +138,31 @@ export const authorization = wrap(async (req, res) => {
     req.oauth2.logger.debug('User fetched from request');
   }
 
+  const prompt = ((req.query.prompt || '') as string).split(' ');
   let resObj: Record<string, string | number> = {};
   let consented = false;
 
   if (req.method === 'GET') {
     // Check if the user has already consented to this client with this scope
-    // TODO: reevaluate security implications
     consented = await oauth2.model.user.consented(
       oauth2.model.user.getId(user),
       oauth2.model.client.getId(client),
       scope
     );
 
+    if (!consented && prompt.includes('none')) {
+      throw new InteractionRequired('Interaction required!');
+    }
+
     // Ask for consent
-    if (!consented)
+    if (!consented || (
+        prompt.includes('login') ||
+        prompt.includes('consent') ||
+        prompt.includes('select_account')
+    )) {
       return oauth2.decision(req, res, client, scope, user, redirectUri);
     }
+  }
 
   // Save consent
   if (!consented) {

src/model/error.ts

@@ -92,3 +92,12 @@ export class UnsupportedResponseType extends OAuth2Error {
     super('unsupported_response_type', msg, 400);
   }
 }
+
+export class InteractionRequired extends OAuth2Error {
+  public name = 'OAuth2InteractionRequired';
+  public logLevel = 'info';
+
+  constructor(msg: string) {
+    super('interaction_required', msg, 400);
+  }
+}