Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

I'm implementing OIDC with hydra for my kratos frontend. Everything works well for the example self-service-ui. It also works well if a user is not logged in yet, so creating a new login flow &amp; then submitting it. However if a user is already logged in &amp; I call createBrowserLoginFlow with the loginChallenge parameter I get back a `200 OK` however the returned session is `null` .  If I also set `refresh:true` then I get back a valid flow, but I don't want the user to have to input the password each time.

In my mind if I try to request a new login flow with a loginchallenge I should get back either "browser_location_change_required" so I can continue the OIDC flow OR at least a "session_already_available".

Found the solution. One has to simply forward to the create login flow endpoint (self-service/login/browser) with the `login_challenge` as parameter and no body. This does not work when using the kratos client.
Maybe that should be documented since it was not clear from looking up the API documentation.