https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H> I am hosting kratos and hydra. I go...
# ory-copilot
c
@chilly-king-10285 I am hosting kratos and hydra. I got hydra configured to use kratos as idp. when I login using hydra I get the page of login refresh "Confirm it's you" while having a new fresh session. is there a way to get logged directly in my app without it ?
b
A message from kapa.ai
I understand your issue with the Hydra and Kratos integration. This is a known behavior where Hydra requires session confirmation even with a fresh session. The problem you're experiencing is related to how Hydra handles login sessions. When you're redirected to the login page with a "Confirm it's you" prompt despite having a fresh session, it's because Hydra doesn't automatically remember your login unless specific parameters are set. There are a few approaches to solve this: 1. Use 
prompt=none
parameter: You can use the 
prompt=none
parameter in your OAuth2 authorization request. This instructs Hydra not to display the login or consent user interface pages if the user is already authenticated. [Hydra FAQ](https://www.ory.sh/docs/hydra/faq#hydra-wont-remember-my-login) 2. Enable 
remember_me
parameter: Make sure to set the 
remember_me
parameter when accepting the login request. As mentioned in the Hydra FAQ: "Hydra only keeps track of the session if you set the 
remember_me
parameter in the 
accept login request
. Otherwise, the login challenge will always instruct you to show the login UI." [Hydra FAQ](https://www.ory.sh/docs/hydra/faq#hydra-wont-remember-my-login) 3. Enable persistent sessions: According to a GitHub issue discussion, Kratos does not persist sessions unless 
sessions.cookie.persistent
is enabled. For the flow to work end-to-end without requiring re-authentication, you need to enable this setting. [GitHub Issue #194](https://github.com/ory/network/issues/194) 4. Skip consent for trusted clients: If you're working with trusted clients, you can configure them to skip the consent screen. This won't directly solve the login confirmation issue but can streamline the overall flow. [OAuth2 OIDC Custom Login Consent Flow](https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow#consent) The most direct solution appears to be enabling persistent sessions and using the 
remember_me
parameter when accepting login requests. This should prevent Hydra from requiring re-authentication for subsequent requests.
Open in Slack
PreviousNext
Powered by