I have Kratos configured as an OAuth 2.0 client with Hydra. I am implementing
token based authentication.
I can sign up and log in one time in Postman or a browser.
If I log out and try to sign up again with a different identity in the same browser, I cannot log in.
Reproducing the bug
CONTEXT:
I have Kratos configured as an OAuth 2.0 client with Hydra. I am implementing
token based authentication.
DEPENDENCIES:
Docker
docker-compose
Postman
SETUP:
1. Import the Postman collection.
2. Run the docker-compose.yml configuration with 'docker-compose up'.
3. In Postman, under Settings/General in the Headers section, turn off 'Automatically follow redirects'.
4. From Postman, run 'Manage Clients/Create OAuth 2.0 Client' to create the client and populate the clientId variable.
PART ONE:
Execute the following requests in Postman, in order:
1. Registration/Authorize
2. Registration/Login Create Flow from Redirect
3. Registration/Registration Create Flow
4. Registration/Registration
5. Login/Authorize
6. Login/Login Create Flow
7. Login/Login
8. Login/Login Redirect Browser To Consent
9. Login/Consent Accept
10. Login/Consent Redirect
11. Login/Token
12. Logout/Logout GET
13. Logout/Logout
These steps succeed.
Now you can either:
a) Execute the Postman request 'Manage Identies/Delete Identity' to remove the existing login, or
b) Change the value of the variable 'email' on the root 'Sign Up Bug' folder in Postman.
Behaviour is the same in both cases.
PART TWO:
Execute the following requests in Postman, in order:
1. Registration/Authorize
2. Registration/Login Create Flow from Redirect
3. Registration/Registration Create Flow
4. Registration/Registration
5. Login/Authorize
6. Login/Login Create Flow
7. Login/Login
Step 7 returns a 500 Internal Server Error with the body:
{
  "error": {
    "code": 500,
    "status": "Internal Server Error",
    "reason": "Unable to accept OAuth 2.0 Login Challenge.",
    "details": {
      "oauth2_error_hint": "",
      "status_code": 400
    },
    "message": "An internal server error occurred, please contact the system administrator"
  }
}
MITIGATION:
1. Remove the 'ory_hydra_session_dev' cookie in the client (Postman).
2. Re-execute PART ONE from step 5.
Login will now complete normally.
EXPECTED BEHAVIOUR:
Given that I have explicitly logged out, it should be possible to sign up again from the same client without messing around with the cookies. It can be difficult to reliably remove cookies from every client, even if you control the server.
signupbug.zip
Preflight checklist
Ory Network Project
No response
Relevant log output
Relevant configuration
Version
v2.2.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Docker Compose
Additional Context
No response
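The client-side workaround the report describes (recognise this specific failure, clear the Hydra session cookie, then restart the login flow), as an added Python example that is not from the issue or from Ory. The error body is the one quoted above; the cookie jar contents and the 'localhost' domain are constructed, and matching the cookie name by prefix rather than the exact 'ory_hydra_session_dev' is an assumption.

```python
import json
from http.cookiejar import Cookie, CookieJar
# Constructed sample: the 500 body quoted in the report, returned when Hydra
# refuses the login-challenge accept (details.status_code 400).
SAMPLE_ERROR_BODY = json.dumps({"error": {
    "code": 500, "status": "Internal Server Error",
    "reason": "Unable to accept OAuth 2.0 Login Challenge.",
    "details": {"oauth2_error_hint": "", "status_code": 400},
    "message": "An internal server error occurred, please contact the system administrator"}})
# Assumption: prefix match so the same check covers environment suffixes other than _dev.
HYDRA_SESSION_COOKIE_PREFIX = "ory_hydra_session"

def is_stale_login_challenge_error(status, body):
    """True only for the report's failure signature: HTTP 500 whose JSON body
    says the login challenge could not be accepted, with a 400 underneath."""
    if status != 500:
        return False
    try:
        err = json.loads(body).get("error", {})
    except (ValueError, AttributeError):  # non-JSON body or non-object JSON
        return False
    return (err.get("reason") == "Unable to accept OAuth 2.0 Login Challenge."
            and (err.get("details") or {}).get("status_code") == 400)

def purge_hydra_session_cookies(jar):
    """The report's mitigation applied to a cookie jar: drop every Hydra session
    cookie and return the names removed so the caller can log what was cleared."""
    removed = []
    for c in list(jar):  # copy first; clearing while iterating would skip entries
        if c.name.startswith(HYDRA_SESSION_COOKIE_PREFIX):
            jar.clear(c.domain, c.path, c.name)
            removed.append(c.name)
    return removed

def recover_from_stale_session(status, body, jar):
    """Return (restart_flow, removed). restart_flow is True when the response matched
    the signature and the jar was purged, i.e. redo the flow from Login/Authorize."""
    if not is_stale_login_challenge_error(status, body):
        return False, []
    return True, purge_hydra_session_cookies(jar)

def build_sample_jar():
    """Constructed jar: one stale Hydra session cookie plus an unrelated cookie
    that must survive the purge (domain 'localhost' is an assumption)."""
    jar = CookieJar()
    for name, value in (("ory_hydra_session_dev", "stale"), ("other_cookie", "keep")):
        jar.set_cookie(Cookie(0, name, value, None, False, "localhost", True, False,
                              "/", True, False, None, True, None, None, {}))
    return jar
```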