https://www.ory.sh/ logo
Join Slack
Powered by
Hey, we have *login after registration* set up wit...
# ory-network
g
Hey, we have login after registration set up with our Ory Network project but need the login part of the flow to involve to our oauth client. We have a authorisation code flow with Ory Elements on our custom login page 
<https://app.example.com/login>
which works for login. For our registration page 
<https://app.example.com/signup>
is there anything we need to submit with the flow, we're using 
ory.createBrowserRegistrationFlow(...)
. We don't want to have to send users to 
/login
just after they've signed up. Any pointers would be much appreciated 🙏 we've tried including a 
login_challange
but that had no affect.
p
Hey @gray-shoe-60285 You should enable 
/services/identity/oauth2_provider/override_return_to=true
https://www.ory.sh/docs/oauth2-oidc/identity-provider-integration-settings If you have a brand new project this is enabled by default. However, if you are enabling it on an existing project, please take note of any 
return_to
URLs set by your UI, since they will be overwritten by this setting in an OAuth flow. Then include the login challenge in the URL to Ory Network registration endpoint https://github.com/ory/kratos-selfservice-ui-node/blob/master/src/routes/registration.ts#L52C19-L66 https://www.ory.sh/docs/reference/api#tag/frontend/operation/createBrowserRegistrationFlow
You can find examples of the Account Experience handling scenarios such as yours inside this repository https://github.com/ory/kratos-selfservice-ui-node.
g
Thanks Alano, I can see from some comments documenting 
createBrowserRegistrationFlow
that including the 
loginChallenge
is not compatible when using Hydra on Ory Network? We'd like to stick with an Ory Network only solution. Is there another means to achieve the above? 
/services/identity/oauth2_provider/override_return_to=true
was indeed already set to true for us. But including a 
login_challenge
in 
createBrowserRegistrationFlow
has no effect
p
This is an old comment. The account experience uses this query parameter inside the registration flow on Ory Network projects. https://github.com/ory/kratos-selfservice-ui-node/blob/master/src/routes/registration.ts#L43-L56
g
Ah I see, thank you!
I have included the 
login_challange
in the peramaters in 
createBrowserRegistrationFlow
and can see it is appending it when it does the request to create the flow:
The response from submitting the flow is still a 200 however, no part of the oauth login seems to be triggered. We obtained the 
login_challenge
after being redirected back from our oauth endpoint. Could it be that this 
login_challange
is somehow not correct?
p
Hi Brandon, Do you mean the user is not redirected after registration or before? Appending the login_challenge to the create registration flow will store this data inside the flow object. You can get this data by doing a GET request to Ory with the flow ID.
How the flow should work. Initialize OAuth -> Login -> user navigates to registration (add login_challenge) -> user completes registration -> user is redirected back to the initial OAuth request -> redirect to login -> user has session -> show consent -> redirect back to OAuth client
You can should also enable this if you want the users to get redirected back to the OAuth flow after completing multiple different flows, such as account recovery, since the flow changes from recovery -> settings. https://www.ory.sh/docs/oauth2-oidc/identity-provider-integration-settings
g
Thanks for getting back to me @proud-plumber-24205 At the moment we are using the 
login_challange
from staring a login flow, and we then append this when creating the registration flow. We then use the flow ID from the newly created registration flow when submitting registration. But after registration the user is not redirected. We just get a 
200
response , not 
422
. Is there something in the body of the 200 that need to we manually need to redirect?
At the moment, we are just copying the 
login_challange
from the url query param after we are redirected to our custom login page when our oauth login flow is started. Our registration is submitted on a separate 
/signup
page. This isn't ideal but we're just trying to get things working
p
Hmm that's interesting. It's supposed to redirect you. Have you tried doing a native post instead of an AJAX call? there might be a bug between these two behaviors
g
Have just tried using native post but same got the same result. I've checked the stages of flow creation and submission. It's the correct flow ID, and the flow is created with the 
login_challange
appended. Does anything flag up here to you?
p
it looks okay to me. Could you send me the HAR file of these requests in a DM? And do you have the 
override_return_to
enabled in your config?
Copy code
ory patch ory patch project <your-project-id> \
  --replace '/services/identity/oauth2_provider/override_return_to=true'
g
Thanks Alano, I have sent you the HAR files in a DM and have checked that 
override_return_to
is enabled:
Open in Slack
PreviousNext
Powered by