Hi, I'm calling this API of hydra /oauth2/auth/...
# talk-hydra
t
Hi, I'm calling this API of Hydra, /oauth2/auth/requests/login/accept, along with the login challenge parameter, but I'm getting this response as I'm trying to change the subject.
{'error': 'invalid_request', 'error_description': "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Field 'subject' does not match subject from previous authentication."}
Any steps to resolve this issue? Hydra version - v1.11.10
b
Hi Yash, are you passing the `login_challenge` as a query param?
t
Yes, I'm sending the challenge in a param. But in this PUT request, earlier I was using some other subject value
{'subject': 'yash', 'remember': True, 'remember_for': 1200}
And now I've changed this subject value to 'user.yash'
{'subject': 'user.yash', 'remember': True, 'remember_for': 1200}
When I changed this subject, I got the mentioned error in response from Hydra.
Hi @channel, any suggestions for this?
l
you can't change the `subject` of a previous authorization request, that would be a giant security hole
if you have an active session then you may need to force a re-authorization by using `prompt=login` (ignoring the active session) during the `/oauth2/auth` request
t
Hi @late-balloon-3804, can I use this /oauth2/auth/sessions/login DELETE API path to invalidate all login sessions for the current subject? Will this work and not produce this error of `subject change`?
l
I think that will work? that admin API should invalidate all active sessions for whatever subject is specified. I'm not sure it will work as I don't really know what you're trying to accomplish 😬