Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello, I’ve got Hydra and Kratos set up and working more or less fine. But I’m wondering how to handle a user logging in via OAuth2/OIDC when they already have an active login session via Kratos. Is there anyway for the Kratos selfservice frontend to detect the existing session and approve the login request automatically (including accepting the oauth login challenge)? Or will I have to use the Hydra SDK directly in that case?

If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter `?refresh=true` was set.
The optional query parameter `login_challenge` is set when using Kratos with Hydra in an OAuth2 flow. If this endpoint is opened as a link in the browser, it will be redirected to `selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`.

The relevant section from our API docs:
<https://www.ory.sh/docs/kratos/reference/api>
``` If a valid user session
exists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter
`?refresh=true` was set.```
So it should work out of the box AFAICT :thinking_face: