Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello everyone,
I am trying to setup locally Hydra + Kratos + my own implementation of the UI and use that as an OIDC identity broker. I am using the `oauth2_provider.url` kratos config to accept the hydra login from kratos. The problem that I am facing is that the first time a user logs in using an external provider, they get redirected to the Kratos configured `browser_return_url` instead of Hydra. On subsequent logins the user gets redirected to hydra as expected. I am observing this behavior regardless of whether I am using the session registration post hook. Am I supposed to handle this on the UI and accept the hydra login session from there or is my configuration wrong?

so i decided to try to investigate this myself and i think that it's a bug caused by how the registration flow i initialized in the oidc callback (<https://github.com/ory/kratos/blob/master/selfservice/strategy/oidc/strategy_login.go#L96>) the login_challenge is not  passed to the registration flow, which causes Kratos not to call the Hydra API. I will open an issue about it

Thank you for finding this :slightly_smiling_face: