Hi everyone, A while ago we had an issue with sha...
# talk-hydra
j
Hi everyone, A while ago we had an issue with sharing ory session cookie inside an iframe and your team helped us a lot. This page settings are working fine now - https://www.ory.sh/docs/hydra/guides/cookies for most of the browsers. We were able to share cookie in Chrome and Firefox, but it appears that for Safari hydra session cookie is not shared at all. And we are getting this error: The resource owner or authorization server denied the request. The flow cookie is missing in the request. Looks like all our setup is at risk now. I wonder if there is a valid way to skip this cookie check before providing an access token by code, I mean this step - https://www.ory.sh/docs/oauth2-oidc/authorization-code-flow#step-4-exchange-code-for-token? Thanks
s
This is a known limitation, see https://ory-community.slack.com/archives/C02MR4DEEGH/p1692048818911859 It is not secure to skip this check! We are however working with another Hydra customer on a solution for this exact issue. @rich-thailand-93889 can get you details on a support contract to prioritize this.