Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

is it possible to prevent having to re-enter the user's password when a user is logged in with a kratos session (has cookie/token), and then the user is directed to a hydra client? The kratos `self-service/login/browser` url is the login redirect registered with Hydra. I know that the user needs to grant the oauth2 scopes, but kratos directs the user to the login page and is aware of the users current session. Is there a way I can accept the flow and move on to the consent without the user having to re-enter their password?

I have tried adding ?refresh=false&prompt=none to the redirect url registered with hydra. Is there a way to submit the flow since the user is logged in and not have to include the password?

EDIT: solved by creating an endpoint that accepts the login through hydra directly that sits behind middleware that validates the kratos session.