There's supposedly some privileged session that ge...
# generall
little-gpu-72755
03/13/2025, 9:48 PMThere's supposedly some privileged session that gets set? I think that may not be detected?
m
magnificent-energy-493
03/14/2025, 12:40 AM
See here for more info about the privileged session: https://www.ory.sh/docs/kratos/session-management/session-lifespan#privileged-sessions
redirect loop could have multiple causes.
When a recovery flow is successfully completed, Ory Kratos redirects the user to the settings page.What is the required AAL for /settings? this might help, not sure 🤔
Copy code
selfservice:
flows:
settings:
required_aal: aal1l
little-gpu-72755
03/14/2025, 6:51 AMIt was set to
highest_available Copy code
settings:
ui_url: <https://HOSTNAME/dashboard>
privileged_session_max_age: 15m
required_aal: aal1
after:
.....webhook snippedlittle-gpu-72755
03/14/2025, 6:55 AMIt ends up through the login flow which says An active session was found but it does not fulfill the requested Authenticator Assurance Level. Could this be UI-side?
m
magnificent-energy-493
03/14/2025, 2:31 PM
Hmm... hmmmge
I figured the problem is that you require aal2 for settings, but you only get aal1 when running the recovery, so it tries to redirect back to get aal2 through your second factor resulting in a redirect loop somehow.
l
little-gpu-72755
03/19/2025, 3:39 PMWould some other flows matter?
little-gpu-72755
03/19/2025, 3:43 PMLogin for example?
little-gpu-72755
03/27/2025, 6:39 PMOr could this be the UI not detecting something correct? Session stuff maybe?
little-gpu-72755
03/27/2025, 6:41 PMChecked, login flow just has ui_url and lifespan
little-gpu-72755
03/27/2025, 6:47 PMI'll slap the UI session detection thing in a gist tomorrow
4 Views