rapid-caravan-83620
03/14/2025, 2:10 PM/auth/login
endpoint (React app acting as self service UI) appending the login_challenge=xyz
in the query params.
then we initiate a flow using the ory front sdk.
sdkMgr.getSdk().createBrowserLoginFlow({
refresh: true,
aal: aal2 ? 'aal2' : 'aal1',
returnTo: returnTo || undefined,
loginChallenge: loginChallenge || undefined,
})
The user has to log again to complete the flow
if I want to make it transparent to the user, especially who has logged before, it seems i could use: .toSession()
from the sdk method to check if a ory kratos session already exists ?
• Hydra endpoints to get/accept login challenge request seems to be admins endpoints and then not exposable to public
• there could be an app to handle the login and use these former endpoints, but I thought it was already Kratos job to talk to Hydra through these endpoints to validate the login without having to redirect him to login
lot of confusion, i'm sure there is something inherently wrong in the approach
help appreciated! 🙂magnificent-energy-493
rapid-caravan-83620
03/14/2025, 3:15 PMrapid-caravan-83620
03/14/2025, 3:16 PMrapid-caravan-83620
03/14/2025, 3:17 PMmagnificent-energy-493
.toSession()
. This is exactly how you check if a user already has a valid session.
When you call createBrowserLoginFlow
with refresh: true
, you're explicitly telling Kratos to ignore the existing session and force a re-login.
Instead, when you detect an existing session, you should:
1. Accept the login challenge directly
2. Skip showing the login UI entirely
This is already solved in the built-in UI in Ory Network if that is an option for you to use.rapid-caravan-83620
03/17/2025, 8:31 AM.toSession()
) to an /admin
endpoint of hydra
which is not supposed to be publicly available right ?
This is where resides my issuerapid-caravan-83620
03/18/2025, 2:54 PM1. Accept the login challenge directlyshould that be made between Kratos and Hydra ? or do i absolutely need to bootstrap a login handler/server to actually make the call for accepting the login request ?
late-balloon-3804
03/18/2025, 3:15 PMlogin_challenge
which should have a Skip
value that lets you know whether you can skip showing the authentication UI for that subject. you can go straight to accepting the hydra login requestrapid-caravan-83620
03/18/2025, 3:31 PMyou can go straight to accepting the hydra login requestfrom where do i accept a hydra login request? my setup: • i only have the front/ UI (and Ory frontend Sdk) • i do not have a login handler (as a login handler on a dedicated app) • i do only have kratos + hydra • I can't accept the login request from the front since it's a
/admin/...
endpointrapid-caravan-83620
03/18/2025, 3:32 PMrapid-caravan-83620
03/18/2025, 7:42 PM