# talk-kratos
m
Does anyone know how the following endpoint is supposed to be used?
<kratos-public-url>/self-service/methods/oidc/callback/:providerId
It's not documented in the Kratos HTTP API docs, but is referenced in the social-sign-in troubleshooting page. For context, I'm following these docs for a generic provider (Okta in this case): https://www.ory.sh/docs/kratos/social-signin/generic and I have my app redirecting to the following URL to sign in via Okta:
<https://my-okta-login.example.com/oauth2/v1/authorize?client_id=${oidcClientId}&redirect_uri=${publicKratosBaseUrl}/self-service/methods/oidc/callback/okta-test&response_type=code&scope=email+profile+openid&state=ZDNmYjk2NzktZmUyMS00NTY1LThjNGUtYjg5MzVjNGY1OTJmOnNvbWVkYXRh>
(note the `redirect_uri` is using the Kratos endpoint in question)
But after logging into Okta, I'm seeing a `No active session was found in this request` error in the Kratos logs and no `ory_kratos_session` cookie is set. What could I be missing? See thread below for my configs and Kratos debug log output.
Kratos image: `oryd/kratos:v1.0.0`
Here's the relevant portion of my config:
Here are the Kratos debug logs
b
Everything looks okay, except that you seem to be missing the “session” registration hook in your configuration for the oidc method. E.g. replace “password” with “oidc” in “selfservice.flows.registration.after” (or add the same section below that as well).
m
Hmmm so I replaced the "selfservice.flows.registration.after" section of my config, so it looks like this now:
```yaml
registration:
  lifespan: 10m
  ui_url: http://127.0.0.1:4455/registration
  after:
    oidc:
      hooks:
        - hook: session
```
but I'm still getting the same error 🤔
When the browser redirects to <http://127.0.0.1:4433/self-service/methods/oidc/callback/okta-test>, I'm seeing the same Kratos errors above, and it's still returning a 303 redirect to <http://127.0.0.1:4455/error?id=2c3583ab-0356-401c-ba9e-a645e8ba6a6f>
b
huh, that’s strange. any logs related to the id “2c3583ab-0356-401c-ba9e-a645e8ba6a6f”?
m
Is the goal to have kratos set a `ory_kratos_session` cookie?
b
yes, I believe so
m
Relevant logs with this error message (it's pretty much the same as my logs posted earlier, except I'm including the `kratos-kratos-selfservice-ui-node-1` pod's logs as well)
b
Thanks, but I believe the relevant logs would be before these. IIRC, kratos should log the error that it creates before redirecting to /error.
m
b
Ahh, thanks. Slack truncated the logs… This seems to be a bug, related to recent changes around account linking. Could you create a GitHub issue with all the logs you have and the config? Thank you.
m
Will do 👍
I'm now looking through the kratos config docs, and wondering if I should also set `selfservice.flows.login.after.oidc`? (just guessing at this point)
b
I don’t think it would pass config validation. Login already assumes that the end result is a session.
m
Filed an issue here: https://github.com/ory/kratos/issues/3635 Thank you for the help! Looking forward to hearing any updates or bug fixes 🤞
FYI I'm poking at the stack trace, and I think the error might be due to the `state` query param that I'm passing through to that `/self-service/methods/oidc/callback/okta-test` endpoint. I left a comment with some details here: https://github.com/ory/kratos/issues/3635#issuecomment-1823376941