https://www.ory.sh/ logo
#talk-hydra
Title
# talk-hydra
b

blue-waitress-12929

10/29/2021, 11:30 AM
Howdy. I'm trying to understand OAuth2 flow when connecting with different clients. Assume we have OAuth2 Client A, which is first-party application, where consent is automatically accepted. We have OAuth2 Client B, which is third-party application, that wants to access data from the first-party application. Everything works great with the 1st party app. When the user is logged in to the 1st party app and tries to authenticate with 3rd party app, the user has to log in again. It would make sense to me to skip login and only ask for consent for this OAuth2 client. Hydra doesn't seem to be doing that for me. How could I proceed with this?
l

limited-tent-11422

10/29/2021, 11:32 AM
Your consent handler should distinguish between first- and third- party clients somehow (e.g. reading client metadata) and automatically accept consent for first-party apps.
b

blue-waitress-12929

10/29/2021, 11:34 AM
That is already working. Problem is that the client is required to log in again when he needs to authorize OAuth2 Client B, but already authorized OAuth2 Client A. It is waiting for the login, which is before consent.
l

limited-tent-11422

10/29/2021, 11:35 AM
Login request has
Skip
and
Subject
fields which if present allow you to skip login in login handler as well.
Basically if skip is true then you autologin instead of showing the login page.
b

blue-waitress-12929

10/29/2021, 11:36 AM
Basically the issue is, that our current version of frontend (web app) does not support login, when user is already logged in. When an user tries to authorize Client B, he is shown the app itself, instead of the login page. While I could have the web app configured to not redirect away from the login page even when logged in, I'm trying to understand why Hydra just won't give me
skip: true
for this use case.
l

limited-tent-11422

10/29/2021, 11:38 AM
What is the
prompt
value you pass to authorization endpoint? (if there is any)
b

blue-waitress-12929

10/29/2021, 11:41 AM
Currently I do not have this value configured, but trying out
prompt=consent
did not help
I have configured
remember
value for the user to
true
and 14 days - testing reauth in the app while logged-in results in automatic skipping.
This is what happens in the first-party app, when you try to reauthorize. All these steps are done/skipped automatically.
But when using third-party app, it does not skip the login
The flow works, when I'm not logged in to the 1st-party app.
3 Views