Hello Due to some mistakes in FE we don t handle correctly c Ory Community #talk-kratos

Hello, Due to some mistakes in FE, we don't handle...

some-scooter-3723

02/22/2022, 6:33 AM

Hello, Due to some mistakes in FE, we don't handle correctly cookie checking at FE, due to some actions like reset password or registration got error like this one:

Copy code

{
  "code": 400,
  "status": "Bad Request",
  "reason": "A valid session was detected and thus recovery is not possible.",
  "message": "The request was malformed or contained invalid parameters"
}

I checked that there are 3 end points will check session:

Copy code

.ory/kratos/public/self-service/login
.ory/kratos/public/self-service/recovery
.ory/kratos/public/self-service/registration

For login endpoint, I can bypass this check via "refresh=true" param, but there is no param to bypass this for 2 remaining endpoints. My question here is: Do we really need to have this check? I think the requirement to have that checking is from business team, some kind like: some companies will allow end-user to reset pass + register the new one while they're logged in (Gmail is an example, we don't need to logout and we can register new accounts) --> should we have configure to turn on/off this check for recovery + registration flow (or, have same param refresh=true for these 2 flows)?

high-optician-2097

02/22/2022, 6:39 AM

I believe there's an open PR for this already!

some-scooter-3723

02/22/2022, 6:41 AM

let I check

some-scooter-3723

02/22/2022, 6:47 AM

you mean this one: https://github.com/ory/kratos/pull/2195? it's for recovery flow only, and you're in charged of it 🙂. Please review and think about registration also, thanks.

3 Views

Open in Slack

Previous Next