Hello. We're working on an OAuth2 integration using Ory, and are using our own authentication backend (as outlined here https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow#flow-steps). Question: do we need to have custom domains enabled for us to test this functionality on an Ory Network project? We're getting an error upon redirect to the consent screen with these errors in the query params:

?error=request_forbidden&error_description=The+request+is+not+allowed.+No+CSRF+value+available+in+the+session+cookie.

Upon further investigation, we're seeing that the cookie is not getting set when the initial redirect to the login page. I suspect this is because our Ory Network project is on a different domain from our authentication backend. The same code works well locally though (on

localhost + docker Hydra

).

Yes, it seems that this would be fixed by using a custom domain. You can try the Ory Proxy/Tunnel, but not sure if that works. https://www.ory.sh/docs/guides/cli/proxy-and-tunnel

Hi @steep-lamp-91158 - thanks for the response. Are you able to confirm whether Ory Proxy/Tunnel is designed to work with the OAuth2 product as well? All the examples I see there are related to Identities / Kratos.

Hey Fred, for the the Auth Code flow it should work.