We’re excited to release FusionAuth 1.60.0, featuring authentication capabilities that give you precise control over the login experience that your users have. This release centers on OpenID Connect (OIDC) prompt parameter support, enabling silent authentication, re-authentication requests, and consent prompting that modern applications demand.
We call this release The Prompt Param Piranha because it attacks the authentication flow challenges circling your applications, giving you the control you need to create seamless user experiences.
The power of prompt parameter control
The OIDC prompt parameter changes how applications handle some authentication flows. Whether you’re building single-page applications, mobile apps, or complex enterprise systems, the prompt parameter enables:
Silent authentication (prompt=none): Check if a user is already authenticated without interrupting their workflow. Your application can attempt authentication in the background and handle scenarios where the user needs to log in.
Forced re-authentication (prompt=login): Verify the user’s identity again for sensitive operations, even if they’re already authenticated. Use this for financial transactions, admin actions, or accessing sensitive data. This is similar to step up auth, but forces a re-authentication instead of an MFA challenge.
Consent management (prompt=consent): Ensure users explicitly consent to certain scopes, even if they’ve previously granted consent. Essential for privacy compliance and maintaining user trust when used with third-party applications.
What this means for your applications
Enhanced security
The prompt parameter support enables step up authentication patterns where routine operations flow seamlessly, but sensitive actions trigger additional authentication. This gives you control over the balance between user experience and security requirements.
Better user experience
Silent authentication checks mean your applications can validate user sessions without unnecessary login prompts, which is especially useful for single-page applications. This reduces friction while maintaining security. Users stay in flow, and you stay secure.
Easier compliance
For applications dealing with financial data, healthcare records, or other regulated information, you can force re-authentication or explicit consent to meet compliance requirements without building custom workflows.
Getting started with prompt parameters
Implementing prompt parameter support in your application is straightforward. When initiating an authentication request, include the prompt parameter in your authorization URL:
https://your-fusionauth-instance.com/oauth2/authorize
?client_id=your-client-id
&response_type=code
&redirect_uri=your-redirect-uri
&scope=openid
&prompt=none
The parameter accepts these values:
none - Silent authentication (no UI shown to user)
login - Force re-authentication
consent - Force consent prompt
You can also combine values (space separated): prompt=login consent to force both re-authentication and consent.
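As an added example (not FusionAuth's own code), the functions below build the authorization URL shown above, interpret the redirect that comes back from a prompt=none attempt, and check login freshness after prompt=login. The function names and the presence of an auth_time claim in the ID token are assumptions; the error codes and the rule that none cannot be combined with other values come from OIDC Core.

```javascript
// Prompt values listed in the release post.
const PROMPT_VALUES = new Set(["none", "login", "consent"]);
// OIDC Core error codes returned when prompt=none needs user interaction.
const NEEDS_INTERACTION = new Set(["login_required", "interaction_required", "consent_required"]);

function buildAuthorizeUrl({ baseUrl, clientId, redirectUri, prompt, state, scope = "openid" }) {
  const values = prompt.trim().split(/\s+/);
  for (const v of values) {
    if (!PROMPT_VALUES.has(v)) throw new Error(`unsupported prompt value: ${v}`);
  }
  // OIDC Core: "none" must not be combined with any other value.
  if (values.includes("none") && values.length > 1) {
    throw new Error("prompt=none cannot be combined with other values");
  }
  const url = new URL("/oauth2/authorize", baseUrl);
  url.search = new URLSearchParams({
    client_id: clientId, response_type: "code", redirect_uri: redirectUri,
    scope, prompt: values.join(" "), state,
  }).toString();
  return url.toString();
}

function handleCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // Drop responses that do not carry the state this client generated.
  if (!expectedState || params.get("state") !== expectedState) {
    return { action: "reject", reason: "state_mismatch" };
  }
  const error = params.get("error");
  if (error) {
    // Silent check failed because the user must interact: fall back to a normal login.
    return NEEDS_INTERACTION.has(error)
      ? { action: "interactive_login", reason: error }
      : { action: "reject", reason: error };
  }
  const code = params.get("code");
  return code ? { action: "exchange_code", code } : { action: "reject", reason: "missing_code" };
}

// prompt is a browser-carried request parameter, so after prompt=login the backend
// checks auth_time from the signature-validated ID token (assumed to be present).
function isFreshLogin(claims, maxAgeSeconds, nowSeconds = Math.floor(Date.now() / 1000)) {
  return Number.isInteger(claims.auth_time) && nowSeconds - claims.auth_time <= maxAgeSeconds;
}
```

Generate state with a cryptographically secure random source per request and keep it in the user's session until the callback arrives.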
Real-world use cases
E-commerce checkout: Use prompt=none to silently check if a user is authenticated during checkout. If they are, proceed. If not, save their cart, then redirect to login.
Financial dashboard: Implement prompt=login for accessing account details or making transfers, ensuring users confirm their identity for sensitive operations.
Data sharing applications: Use prompt=consent when connecting to third-party applications that want to access data using a token tied to the end user, ensuring users explicitly approve each data sharing operation.
Beyond the headline feature
While prompt parameter support is the star of this release, we’ve also delivered other improvements across the platform:
Performance boost for bulk operations - We’ve improved the performance of bulk user imports via the User API. If you’re migrating large user bases or regularly importing user data, these operations will complete much faster, especially if you have a large number of applications.
Enhanced search performance - User API searches returning expanded user records and user reindex operations now perform much better, especially at scale. Your dashboards and reporting will feel more responsive.
SAML enhancement - FusionAuth now supports SAML authentication responses with multiple assertions, giving you more flexibility in complex enterprise integration scenarios.
Quality of life improvements - We’ve enhanced error handling across password reset workflows, maintenance mode operations, and multi-factor authentication setup. The result is a more polished experience when things don’t go according to plan.
Here’s what else shipped in version 1.60.0:
Security enhancements
We’ve addressed several security-related issues and improved your user experience.
Bug fixes
This release includes fixes for cluster licensing consistency, Advanced Threat Detection rate limiting, account lockout password reset behavior, QR code visibility in dark mode, and air-gapped license handling.
The bottom line
Whether you’re building consumer applications that need seamless authentication flows or enterprise systems that require strict security controls, the OIDC prompt parameter support in FusionAuth 1.60.0 gives you the tools to create exactly the authentication experience your users need.
For complete technical details and all changes, check out the full release notes.
Take control of your authentication flows. Get started with FusionAuth and see what precise authentication control can do for your applications.