feat: Add prompt parameter support to OAuth2 authorization request (#295)

Copilot · mrudatsprint · web-flow · commit e7c7e7a3841b · 2026-04-08T17:00:55.000-06:00
* Initial plan * feat: add prompt parameter support to OAuth2 authorize URL Agent-Logs-Url: https://github.com/FusionAuth/fusionauth-android-sdk/sessions/2cf5dc51-061f-4e9e-847c-ed3cdc76bab9 Co-authored-by: mrudatsprint <2787768+mrudatsprint@users.noreply.github.com> * test: add e2e test for prompt=login and expose prompt via startAuth() Agent-Logs-Url: https://github.com/FusionAuth/fusionauth-android-sdk/sessions/98961787-dd46-40b0-b58e-09cd12bd21b4 Co-authored-by: mrudatsprint <2787768+mrudatsprint@users.noreply.github.com> * Added end to end tests that test the prompt parameter. * Per datekt analysis, remove unnecessary try catch block. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mrudatsprint <2787768+mrudatsprint@users.noreply.github.com> Co-authored-by: Mike Rudat <mike.rudat@fusionauth.io>
diff --git a/app/src/androidTest/java/io/fusionauth/sdk/FullEnd2EndTest.kt b/app/src/androidTest/java/io/fusionauth/sdk/FullEnd2EndTest.kt
@@ -8,6 +8,7 @@ import androidx.test.espresso.assertion.ViewAssertions.matches
 import androidx.test.espresso.intent.Intents
 import androidx.test.espresso.matcher.ViewMatchers.isDisplayed
 import androidx.test.espresso.matcher.ViewMatchers.withId
+import androidx.test.espresso.matcher.ViewMatchers.withText
 import androidx.test.ext.junit.rules.ActivityScenarioRule
 import androidx.test.ext.junit.runners.AndroidJUnit4
 import androidx.test.platform.app.InstrumentationRegistry
@@ -62,6 +63,22 @@ internal class FullEnd2EndTest {
         logout()
     }
 
+    @Test
+    fun e2eTestWithPromptLogin() {
+        loginWithPrompt(USERNAME, PASSWORD, "login")
+        logout()
+    }
+
+    @Test
+    fun e2eTestWithPromptNone() {
+        loginActivityRule.scenario.onActivity { activity ->
+            activity.startAuth("none")
+        }
+
+        // Now assert error UI is present
+        verifyAuthorizationError()
+    }
+
     @Test
     fun e2eTestSwitchFromPrimaryToAlternative() {
         login(USERNAME, PASSWORD)
@@ -202,6 +219,23 @@ internal class FullEnd2EndTest {
         }
     }
 
+    /**
+     * Starts auth with the given prompt. Handles login form and token activity only.
+     * Does NOT check for error UI. Tests should check for error UI if expected.
+     */
+    private fun loginWithPrompt(username: String, password: String, prompt: String) {
+        loginActivityRule.scenario.onActivity { activity ->
+            activity.startAuth(prompt)
+        }
+
+        handleFALoginForm(username, password)
+        verifyOnTokenActivity()
+    }
+
+    private fun verifyAuthorizationError() {
+        onView(withText("Not authorized")).check(matches(isDisplayed()))
+    }
+
     @After
     fun tearDown() {
         logger.info("Tearing down test")
diff --git a/app/src/main/java/io/fusionauth/sdk/LoginActivity.kt b/app/src/main/java/io/fusionauth/sdk/LoginActivity.kt
@@ -81,7 +81,7 @@ class LoginActivity : AppCompatActivity() {
     }
 
     @MainThread
-    fun startAuth() {
+    fun startAuth(prompt: String? = null) {
         displayLoading("Making authorization request")
 
         lifecycleScope.launch {
@@ -94,7 +94,8 @@ class LoginActivity : AppCompatActivity() {
                         OAuthAuthorizeOptions(
                             cancelIntent = Intent(this@LoginActivity, LoginActivity::class.java)
                                 .setFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP),
-                            state = "state-${System.currentTimeMillis()}"
+                            state = "state-${System.currentTimeMillis()}",
+                            prompt = prompt
                         )
                     )
             } catch (e: AuthorizationException) {
diff --git a/library/src/main/java/io/fusionauth/mobilesdk/oauth/OAuthAuthorizationService.kt b/library/src/main/java/io/fusionauth/mobilesdk/oauth/OAuthAuthorizationService.kt
@@ -118,6 +118,7 @@ class OAuthAuthorizationService internal constructor(
         options?.state?.let { authRequestBuilder.setState(it) }
         options?.loginHint?.let { authRequestBuilder.setLoginHint(it) }
         options?.nonce?.let { authRequestBuilder.setNonce(it) }
+        options?.prompt?.let { authRequestBuilder.setPrompt(it) }
 
         val completedPendingIntent = PendingIntent.getActivity(
             context,
@@ -173,6 +174,7 @@ class OAuthAuthorizationService internal constructor(
         options?.idpHint?.let { additionalParameters["idp_hint"] = it }
         options?.deviceDescription?.let { additionalParameters["metaData.device.description"] = it }
         options?.userCode?.let { additionalParameters["user_code"] = it }
+
         return additionalParameters
     }
 
diff --git a/library/src/main/java/io/fusionauth/mobilesdk/oauth/OAuthAuthorizeOptions.kt b/library/src/main/java/io/fusionauth/mobilesdk/oauth/OAuthAuthorizeOptions.kt
@@ -38,6 +38,15 @@ data class OAuthAuthorizeOptions(
      * authorization server includes this value when redirecting the user-agent back to the client.
      */
     val state: String? = null,
+    /**
+     * The prompt parameter to be used for the OAuth authorize request. This parameter indicates
+     * whether the authorization server should prompt the end-user for reauthentication or consent.
+     * Standard OIDC values include: none, login, consent, select_account.
+     *
+     * See [OIDC prompt parameter](https://fusionauth.io/docs/lifecycle/authenticate-users/oauth/prompt)
+     * for more information.
+     */
+    val prompt: String? = null,
     /**
      * The end-user verification code.
      */
diff --git a/library/src/test/java/io/fusionauth/mobilesdk/OAuthAuthorizeOptionsTest.kt b/library/src/test/java/io/fusionauth/mobilesdk/OAuthAuthorizeOptionsTest.kt
@@ -0,0 +1,39 @@
+package io.fusionauth.mobilesdk
+
+import io.fusionauth.mobilesdk.oauth.OAuthAuthorizeOptions
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNull
+import org.junit.Test
+
+class OAuthAuthorizeOptionsTest {
+
+    @Test
+    fun `prompt defaults to null`() {
+        val options = OAuthAuthorizeOptions()
+        assertNull(options.prompt)
+    }
+
+    @Test
+    fun `prompt can be set to login`() {
+        val options = OAuthAuthorizeOptions(prompt = "login")
+        assertEquals("login", options.prompt)
+    }
+
+    @Test
+    fun `prompt can be set to consent`() {
+        val options = OAuthAuthorizeOptions(prompt = "consent")
+        assertEquals("consent", options.prompt)
+    }
+
+    @Test
+    fun `prompt can be set to none`() {
+        val options = OAuthAuthorizeOptions(prompt = "none")
+        assertEquals("none", options.prompt)
+    }
+
+    @Test
+    fun `prompt can be set to select_account`() {
+        val options = OAuthAuthorizeOptions(prompt = "select_account")
+        assertEquals("select_account", options.prompt)
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ class LoginActivity : AppCompatActivity() {`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`@MainThread`
`84`		`- fun startAuth() {`
	`84`	`+ fun startAuth(prompt: String? = null) {`
`85`	`85`	`displayLoading("Making authorization request")`
`86`	`86`
`87`	`87`	`lifecycleScope.launch {`
`@@ -94,7 +94,8 @@ class LoginActivity : AppCompatActivity() {`
`94`	`94`	`OAuthAuthorizeOptions(`
`95`	`95`	`cancelIntent = Intent(this@LoginActivity, LoginActivity::class.java)`
`96`	`96`	`.setFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP),`
`97`		`- state = "state-${System.currentTimeMillis()}"`
	`97`	`+ state = "state-${System.currentTimeMillis()}",`
	`98`	`+ prompt = prompt`
`98`	`99`	`)`
`99`	`100`	`)`
`100`	`101`	`} catch (e: AuthorizationException) {`