# talk-hydra
q
Having a bit of trouble understanding the point of the `login_challenge`. It states in the docs that "Ory Hydra appends a login_challenge query parameter to the url. The value is a ID which should later be used by the Login Endpoint to fetch important information about the request." What does this mean exactly? Does our implementation of the login endpoint need to call Ory Hydra with the challenge ID? I see the response, but it's unclear why this step is needed as it doesn't match the inputs on the form for authenticating the user. Thanks.
b
You use the login challenge to call the Hydra admin endpoint, which returns a response containing information such as the oauth client id etc.
And based on the oauth client info you can accept or reject the login request.
q
Thanks. What's the point of accepting or rejecting the request ?
Should I be verifying something based on the info from the challenge?
b
That's up to you. You are verifying the oauth client with the login challenge.
How you verify whether the oauth client is allowed to perform the login request or not is up to your business logic.
This is all the info you will get as a response which you can use to verify the oauth client
q
Hrmm ok sorta makes sense.
Thanks. I'll dig into it further.
b
As an example, I store metadata regarding the oauth client (such as if it is allowed to do certain actions) and then allow/block the oauth client based on that metadata.
q
What's the flow? So ORY Hydra calls your backend, then you decide to show a login or not for a user to login for a particular oauth client. What's an example logic of you rejecting and not allowing login?
b
I check the metadata and then accept/reject based on the permissions I set in the metadata. This is just my use case.
q
oh ok
so this login_challenge is passed to your backend as a query param
b
Yes