Hi, I'm attempting to add social sign-in features to my self-hosted app based on Kratos and Hydra. It mostly works, but logging in via OIDC as a new user does not result in a session. Specifically, the OIDC callback kratos/self-service/methods/oidc/callback/[...]?code=[...]&scope=openid profile email [...]&state=[...] gives a 303 to my login page, without any flow url param. My login page checks for an existing Kratos session -- by looking for an ory_kratos_session cookie, that seems fragile but works fine for the non-OIDC case -- and concludes that there is none, so it presents the login screen again. If I click "Sign in with ..." a second time, it works fine.
I tried this with both Kratos 1.1 and 1.2, same behaviour as far as I could tell. Perhaps relevant: I have set up an "after registration" webhook to do some provisioning for these OIDC based accounts.
I found this bug that seems similar or identical, but that's supposed to be fixed. I also found this question:
[...] The after-registration hook returns to the login page as per our Kratos config, requiring the user to log in again with Google OIDC, which might confuse them if the session is not created on the first attempt.
That is exactly my problem, but as far as I know I don't instruct Kratos to return to the login page after the hook; the hook simply returns a JSON message. Also that discussion never had any follow-up.
Am I supposed to have different logic in the login page? Do I perhaps need to configure things differently? Or is this a bug in Kratos? Thanks for any hints!
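The session check the post describes, done by asking Kratos whether the cookie maps to a live session instead of testing for the cookie's presence. This is an added example, not part of the original post or Ory's code; it calls Kratos' public `GET /sessions/whoami` endpoint, and the base URL, function names and action labels are assumptions.

```javascript
// Assumed public Kratos base URL (hypothetical value for this example).
const KRATOS_PUBLIC_URL = "http://127.0.0.1:4433";

// Pure decision step, kept separate so it can be tested without Kratos.
//   status, body: result of GET /sessions/whoami
//   flowId:       value of the ?flow= query parameter, if any
function decideLoginAction({ status, body, flowId }) {
  // Only a 200 response carrying an active session counts as "logged in".
  if (status === 200 && body && body.active === true) {
    const identityId = body.identity ? body.identity.id : undefined;
    return { action: "redirect-to-app", identityId };
  }
  // 401 (or an inactive session): the browser may still hold an
  // ory_kratos_session cookie, but Kratos does not accept it.
  if (status === 401 || status === 200) {
    if (flowId) return { action: "render-flow", flowId };
    return {
      action: "start-login-flow",
      location: `${KRATOS_PUBLIC_URL}/self-service/login/browser`,
    };
  }
  // Anything else (5xx, network proxy errors) is surfaced, not guessed at.
  return { action: "error", status };
}

// Forward the browser's Cookie header to Kratos and read the verdict.
async function whoami(cookieHeader, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(`${KRATOS_PUBLIC_URL}/sessions/whoami`, {
    headers: { cookie: cookieHeader || "", accept: "application/json" },
  });
  const body = res.status === 200 ? await res.json() : null;
  return { status: res.status, body };
}

// Login-page handler: req is an Express-style request (assumption).
async function handleLoginPage(req, fetchImpl = globalThis.fetch) {
  const { status, body } = await whoami(req.headers.cookie, fetchImpl);
  return decideLoginAction({ status, body, flowId: req.query.flow });
}
```

Logging the `whoami` status on the redirect that follows the OIDC callback shows whether Kratos issued a session at all on the first attempt, which a cookie-presence check cannot distinguish from a stale or rejected cookie.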