Hi, any way to make the social sign-in redirect UR...
# ory-network
w
Hi, any way to make the social sign-in redirect URI use my custom domain on ory cloud? I'm getting weird CSRF errors (https://github.com/ory/kratos/discussions/2108) because of it in production
h
@wonderful-midnight-19586 what’s the URL of your prod service? I can take a look
it happened when I tried to signup with a random google account I own
sign-in works fine and it does register the account
the site is normally fully translated in English but let me know if you have an issue
h
Ok strange, I just tried the registration flow with google on https://parcels.co/signup and it worked
sign in also works for me .. hm
w
maybe it was a one time thing
h
when does this happen?
i think it could be a bug related to an old cookie or something, i’m not sure
if you observe the problem again can you please send an XHR replay of the network log?
w
yes it's what I thought as well so when the issue happens I added a link to reinitialize the session
yes sure
h
Thank you! That will be very helpful because then we can narrow down what the problem is and fix it. I’m like 85% confident it’s some cookie that is not being properly re-generated. But it’s much easier to find the bug if you can see the network log 🙂
w
Interesting case, my browser pre-fills (autocomplete) the email in the signup form (at https://parcels.co/signup), and when the user clicks the google sign-up button, a payload is sent to the form action url (/api/.ory/self-service/registration?flow=<flow-id>) with the pre-filled email in traits.email. Then when I get redirected to google (https://accounts.google.com/o/oauth2/v2/auth?client_id=<client-id>&redirect_uri=<my-ory-cloud>%2Fself-service%2Fmethods%2Foidc%2Fcallback%2Fgoogle&response_type=code&scope=email+profile+openid&state=<state>), I pick a different email to sign up with but it still uses the pre-filled email to try and register with ory
After that, even if I log out, when I come back to register with another user (and delete the email in the field just in case) it still re-uses the same email over and over to log me in
even in this case it still logs me in with the previous login, I must be missing something.
Even if I delete all the cookies I still get signed up with my other google account
This starts to seem more like it simply takes the first google account it finds for a token I own... let me know if I can debug or something I did wrong in the conf
h
w
But for me, it also happens if the user is logged out and does registration while already being logged in with google
so it might be the same bug just a tad different
how can I help fix this?
I know Golang
h
ah that’s quite possible! yes of course, the code for social sign up is here: https://github.com/ory/kratos/blob/master/selfservice/strategy/oidc/strategy_registration.go 🙂