This issue was moved to a discussion.

oauth2 error after a login flow with a login_challenge #3359

Closed
4 of 6 tasks
malagon91 opened this issue Jul 3, 2023 · 0 comments
Labels
bug Something is not working.

Comments

@malagon91

Preflight checklist

Describe the bug

We have a self-hosted Kratos + Hydra environment. For the Kratos UI we used the https://github.com/ory/kratos-selfservice-ui-node repo as a reference for our own implementation. We configured the oauth2_provider value correctly, but there seems to be an error when I go to the /self-service/login/browser route with a valid challenge.

Reproducing the bug

When we run a login flow with a Hydra login_challenge, Kratos returns to the error page with the label "Failed to retrieve OAuth 2.0 login request".

Relevant log output

Error
{
  "id": "9fcdb151-9da1-4420-9d75-3d65a3f72f4a",
  "error": {
    "code": 500,
    "reason": "Failed to retrieve OAuth 2.0 login request.",
    "status": "Internal Server Error",
    "message": "An internal server error occurred, please contact the system administrator"
  },
  "created_at": "2023-07-03T18:16:26.085205Z",
  "updated_at": "2023-07-03T18:16:26.085205Z"
}

Relevant configuration

version: v0.13.0


serve:
  public:
    base_url: http://127.0.0.1:4433/
    cors:
      allowed_origins:
        - http://127.0.0.1:3002
        - http://localhost:3002
      allowed_methods:
        - POST
        - GET
        - PUT
        - PATCH
        - DELETE
      allowed_headers:
        - Authorization
        - Cookie
        - Content-Type
      exposed_headers:
        - Content-Type
        - Set-Cookie
      enabled: true
      debug: true
  admin:
    port: 4434

identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///etc/config/kratos/identity.schema.json
oauth2_provider:
  url: https://hydra.admin.url

selfservice:
  default_browser_return_url: http://127.0.0.1:3002/
  allowed_return_urls:
      - http://127.0.0.1:3002/

  methods:
    password:
      enabled: true
    oidc:
      config:
        providers:
          - id: hydra
            provider: generic
            client_id: client
            client_secret: ""
            mapper_url: "base64://bG9jYWwgY2xhaW1zID0gew0KICBlbWFpb"
            auth_url: https://authk.can.com.mx/oauth2/auth
            token_url: https://authk.can.com.mx/oauth2/token
            issuer_url: https://authk.can.com.mx
            scope:
              - openid
              - offline
            requested_claims:
              id_token:
                email:
                  essential: true
                email_verified:
                  essential: true
                given_name:
                  essential: true
                family_name: null
        base_redirect_uri: http://127.0.0.1:4433/
      enabled: true

  flows:
    verification:
      ui_url: http://127.0.0.1:3002/can/verify
      lifespan: 2h
      use: code
      notify_unknown_recipients: false 
      enabled: true
      after:
        default_browser_return_url: http://127.0.0.1:3002/can/success
      
    error:
      ui_url: http://127.0.0.1:3002/can/inicia-sesion/kratos/error

    login:
      ui_url: http://127.0.0.1:3002/can/inicia-sesion/login
      after:
        default_browser_return_url: http://127.0.0.1:3002/can/hey
        password:
          default_browser_return_url: http://127.0.0.1:3002/can/hey
        oidc:
          default_browser_return_url: http://127.0.0.1:3002/can/hey
    
    logout:
      after:
        default_browser_return_url: http://127.0.0.1:3002/can/hey

    registration:
      ui_url: http://127.0.0.1:3002/can/cuenta-nueva/registro
      after:
        default_browser_return_url: http://127.0.0.1:3002/can/hey
        password:
          default_browser_return_url: http://127.0.0.1:3002/can/hey
          hooks:
            - hook: session
        oidc:
          default_browser_return_url: http://127.0.0.1:3002/can/hey
          hooks: 
            - hook: session

log:
  level: debug
  format: text
  leak_sensitive_values: true

secrets:
  cookie:
    - testconfig

session:
  lifespan: 8h

hashers:
  algorithm: bcrypt
  bcrypt:
    cost: 8

courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
    from_address: no-reply@example.com

Version

v0.13.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

When the login self-service route gets a login_challenge, I get the error.

@malagon91 malagon91 added the bug Something is not working. label Jul 3, 2023
@ory ory locked and limited conversation to collaborators Jul 4, 2023
@aeneasr aeneasr converted this issue into discussion #3361 Jul 4, 2023
