Hi, Janis. No additional actions should be needed if it's a required parameter according to the spec. Could you please describe the conditions in which the issue occurs? Having the actual authorization request that triggers it would be great, can you share it?

Hello, problem appear when, for example, error=login_required is responded to client (remote error handling method). Here are some fragments from http log (cropped out headers ): req: 2023-02-13 10:35:49,735 DEBUG [qtp2114444063-19] [org.gluu.oxauth.audit.debug.ServletLoggingFilter] (ServletLoggingFilter.java:91) - {"senderIP":"127.0.0.1","method":"GET","path":"/oxauth/restv1/authorize","params": {"mdsessionid":"203900000000009E78","scope":"openid profile persistentId","acr_values":"secure","response_type":"code","redirect_uri":"https://callback.url","state":"d2758ceb-a03c-563d-8000-00000489c07b","nonce":"eA3NSJ9","prompt":"login","client_id":"54tgrgf34-0c44-49fb-8a0e-1det43tg3a0d"} .............. resp: 2023-02-13 10:35:57,854 DEBUG [qtp2114444063-19] [org.gluu.oxauth.audit.debug.ServletLoggingFilter] (ServletLoggingFilter.java:92) - {"status":302,"headers": {"Set-Cookie":"csfcfc=bfF1z9l%2BkzXct43t4tgQOv%2F%2F%2Bg%3D%3D; Path=/oxauth; Secure; HttpOnly","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","Location":"https://callback.url?error_description=The+Authorization+Server+requires+End-User+authentication.+This+error+MAY+be+returned+when+the+prompt+parameter+in+the+Authorization+Request+is+set+to+none+to+request+that+the+Authorization+Server+should+not+display+any+user+interfaces+to+the+End-User%2C+but+the+Authorization+Request+cannot+be+completed+without+displaying+a+user+interface+for+user+authentication.&hint=Create+authorization+request+to+start+new+authentication+session.&error=login_required"} }

Hello, do you need any additional details for investigation? Thank you.