Code Monkey home page Code Monkey logo

Comments (3)

jonas-jonas avatar jonas-jonas commented on June 23, 2024

In particular, it does not request the scopes provided in selfservice.methods.oidc.config.providers[].scope

This is interesting, as I can't immediately tell from the code why this would be. We use the same config in both registration and login, and thus the same code URL for the OIDC provider. The translation from login -> registration only happens in the OIDC callback after the OIDC provider has redirected the user to Ory/Kratos. Any additional information you might have would help!

and it does not redirect to selfservice.flows.registration.after.default_browser_return_url.

Yes, this is true, because the login flow fully wraps the registration flow, and after it completes, does the after login flow redirect. If you have a page welcoming new users, they wouldn't be redirected as Kratos treats the flow as a login flow, leading to weird UXs. So I agree that this should either be configurable or just be changed (though this would be an unexpected breaking change, IMO).

from kratos.

aran avatar aran commented on June 23, 2024

This is interesting, as I can't immediately tell from the code why this would be. We use the same config in both registration and login, and thus the same code URL for the OIDC provider. The translation from login -> registration only happens in the OIDC callback after the OIDC provider has redirected the user to Ory/Kratos. Any additional information you might have would help!

This turns out to likely be my mistake - our registration flow unconditionally manually sets upstream_parameters to force the scopes fetch, and our login flow doesn't, and I should be able to configure our login flow to do it. So the only real issue is the "wrong" after login url when login is actually a registration.

In our case, you are absolutely right - after a registration, we drop the user into an welcoming onboarding flow intended to finish configuration for new users, so if they happened to click "Sign In" instead of "Sign Up", they don't get our welcoming page unless we hack that state outside of the Kratos system.

from kratos.

aran avatar aran commented on June 23, 2024

Retitled for specificity.

Another solution that would work— less preferable, but maybe easier—would be allowing us to disable creating accounts on sign in.

from kratos.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.