From 62b6df77e1ff172502cc764d39db643af5513112 Mon Sep 17 00:00:00 2001
From: Hoobi <7289249+hoobio@users.noreply.github.com>
Date: Sat, 23 May 2026 20:13:16 +1000
Subject: [PATCH] =?UTF-8?q?fix:=20=F0=9F=90=9B=20send=20single=20'prompt'?=
 =?UTF-8?q?=20value=20so=20Entra=20ID=20OIDC=20works?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Microsoft Entra ID rejects authorization requests with more than one
'prompt' value (AADSTS90023). The OIDC spec allows space-separated
values, and many IdPs (Keycloak, Okta) accept them, but Entra only
accepts one of login/none/consent/select_account/create.

The discovery-doc filter in OAuth::fetchWellKnown already narrows
_supportedPromtValues against 'prompt_values_supported', but Entra
does not publish that field, so the client falls back to the default
'select_account consent' and the authorize call fails.

Drop 'select_account' from the default and send only 'consent'.
Entra still shows an account picker on first sign-in to a tenant.
Multi-account use is already covered by the desktop client's own
account wizard.

Fixes opencloud-eu/desktop#871
Refs owncloud/client#8562
---
 src/libsync/theme.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libsync/theme.cpp b/src/libsync/theme.cpp
index a93828ccc..ef1c5c596 100644
--- a/src/libsync/theme.cpp
+++ b/src/libsync/theme.cpp
@@ -346,7 +346,7 @@ QString Theme::openIdConnectScopes() const
 
 QString Theme::openIdConnectPrompt() const
 {
-    return QStringLiteral("select_account consent");
+    return QStringLiteral("consent");
 }
 
 bool Theme::oidcEnableDynamicRegistration() const