OAuth/OIDC fails when prompt=consent or prompt=select_account is used
### Summary

When using GitLab as an OpenID provider, authentication fails if the authentication request uses `prompt=consent` (when not logged in), `prompt=select_account` or a combination that contains one of them, e.g. `prompt=login consent`.

### Steps to reproduce

1. Create an OAuth application in your account settings.
2. Set up an OpenID Connect client with the credentials from step 1.
3. Send an authentication request that includes the optional parameter `prompt=consent` in a fresh browser session (not logged into GitLab).
4. Send an authentication request that includes `prompt=select_account`.

### What is the current *bug* behavior?

- For `prompt=consent`: an error 500 page appears (tested on gitlab.com)
- For `prompt=select_account`: the error code `invalid_configuration` is returned

### What is the expected *correct* behavior?

According to the [OpenID Connect spec chapter 3.1.2.1](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest):

- For `prompt=consent`: The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client.
- For `prompt=select_account`: The Authorization Server SHOULD prompt the End-User to select a user account.

In both cases at least a fallback to the login prompt (as if `prompt=login` was specified) could be expected.

### Relevant logs and/or screenshots

Error returned in the URL for `prompt=select-account`:

```
?error=invalid_configuration&error_description=The+authorization+server+encountered+an+unexpected+condition+which+prevented+it+from+fulfilling+the+request.
```

Screenshot for `prompt=consent`:

![image](/uploads/ef379d2cd57dba4b8cb7244017d2de00/image.png)

(Request ID: 01GESPZ70KD4MHN4NPTPZDTQ9A)
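
The following is an added sketch, not part of the original report and not GitLab or Doorkeeper code, of how a provider could turn the `prompt` parameter from OpenID Connect Core 3.1.2.1 into interaction steps, including the fallback to a login prompt that the report asks for. The names `plan_prompt`, `KNOWN_PROMPTS` and the step symbols are hypothetical, and the use of `invalid_request` for `none` combined with another value is an assumption.

```ruby
# Added illustration; every name here is hypothetical, not a GitLab/Doorkeeper API.
KNOWN_PROMPTS = %w[none login consent select_account].freeze

# raw:       the prompt parameter as received (space-delimited, case-sensitive)
# logged_in: whether the browser session already has an authenticated user
# consented: whether that user already authorized this client
# supported: the interactive prompts this provider actually implements
# Returns [:error, code] or [:ok, ordered list of interaction steps].
def plan_prompt(raw, logged_in:, consented:, supported: %w[login consent])
  # Unknown values are dropped instead of raising (assumption: lenient handling),
  # so an unexpected value can never surface as a 500 or a configuration error.
  values = raw.to_s.split(" ").uniq & KNOWN_PROMPTS

  if values.include?("none")
    # The spec: "none" combined with any other value is an error.
    return [:error, "invalid_request"] if values.size > 1
    # With "none" no UI may be shown, so report what is missing instead.
    return [:error, "login_required"] unless logged_in
    return [:error, "consent_required"] unless consented
    return [:ok, []]
  end

  steps = []
  # A fresh session needs a login first, whatever the client asked for.
  steps << :login if values.include?("login") || !logged_in
  if values.include?("select_account")
    # No account chooser available: fall back to a login prompt,
    # as if prompt=login had been sent.
    steps << (supported.include?("select_account") ? :select_account : :login)
  end
  steps << :consent if values.include?("consent") || !consented
  [:ok, steps.uniq]
end
```
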