# ory-network
s
Hello, I have a strange problem. We are running a production ory network with a custom domain and everything works fine. I now want to add an oauth2 client that I can use to authenticate a CLI, and when I perform the authentication the browser redirects with
<http://localhost:3000/callback?error=request_forbidden&error_description=The+reques[…]in+the+session+cookie.&state=5bfead36bed05618599e460c2cfcc838>
If I create a development project the very same setup works and I get redirected with the `code` which I can exchange for a token etc. I assume the problem is coming from the fact that the project probably is in production and something with the custom domain? Can you help here, thanks
s
Can you share the clients of both projects, and which redirect is actually happening? I can't follow what the error is you get or what behavior is unexpected.
s
Do you mean the client ids or something else?
s
What is the exact error you get?
s
The+request+is+not+allowed.+No+CSRF+value+available+in+the+session+cookie
s
s
No, I haven't, I'll take a look, thanks. I didn't get how CSRF could be related to a CLI which triggers auth with response_type=code, i.e. you do the very same as the ory cli does as a flow. When I started a new dev project this problem disappeared and everything worked as expected.
s
It is probably due to the CSRF cookie not being properly set. The error would happen before the redirect to your CLI, but what we do is redirect to the CLI anyway with the error details, so you can handle it there, e.g. by restarting the flow.