incalculable-petabyte-84501
11/14/2024, 9:46 AM
error=invalid_scope&error_description=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed.+The+OAuth+2.0+Client+is+not+allowed+to+request+scope+%27openid%2Boffline_access%2Bemail%2Bprofile%27.&state=...
or error=request_forbidden&error_description=The+request+is+not+allowed.+No+CSRF+value+available+in+the+session+cookie
if I omit the scope.
Can you give me a hint about what could be wrong?
brief-egg-61061
11/14/2024, 9:46 AM
/oauth2/auth. This endpoint should only be accessed via a normal browser request. Additionally, when implementing your custom UI, you need to include the CSRF token in your requests. Here's an example of how to map UI nodes for CSRF protection:

```javascript
filterNodesByGroups({
  nodes: flow.ui.nodes,
  groups: ["default"],
  attributes: ["hidden"],
}).map((node) => {
  if (
    isUiNodeInputAttributes(node.attributes) &&
    (node.attributes as UiNodeInputAttributes).type === "hidden" &&
    (node.attributes as UiNodeInputAttributes).name === "csrf_token"
  ) {
    return (
      <input
        type={node.attributes.type}
        name={node.attributes.name}
        value={node.attributes.value}
      />
    )
  }
})
```
This code snippet is from the [Kratos custom UI integration basics](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#debug) documentation. Lastly, make sure you're following the correct flow steps as outlined in the [OAuth2 login and consent flow documentation](https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow#flow-steps). This will help ensure you're handling the login challenge and verifier correctly. If you're still encountering issues after addressing these points, you may need to review your implementation in more detail or consult the Ory community for further assistance.