Comments (3)
In particular, it does not request the scopes provided in selfservice.methods.oidc.config.providers[].scope
This is interesting, as I can't immediately tell from the code why this would be. We use the same config in both registration and login, and thus the same code URL for the OIDC provider. The translation from login -> registration only happens in the OIDC callback after the OIDC provider has redirected the user to Ory/Kratos. Any additional information you might have would help!
and it does not redirect to selfservice.flows.registration.after.default_browser_return_url.
Yes, this is true, because the login flow fully wraps the registration flow, and after it completes, does the after login flow redirect. If you have a page welcoming new users, they wouldn't be redirected as Kratos treats the flow as a login flow, leading to weird UXs. So I agree that this should either be configurable or just be changed (though this would be an unexpected breaking change, IMO).
This is interesting, as I can't immediately tell from the code why this would be. We use the same config in both registration and login, and thus the same code URL for the OIDC provider. The translation from login -> registration only happens in the OIDC callback after the OIDC provider has redirected the user to Ory/Kratos. Any additional information you might have would help!
This turns out to likely be my mistake - our registration flow unconditionally manually sets upstream_parameters to force the scopes fetch, and our login flow doesn't, and I should be able to configure our login flow to do it. So the only real issue is the "wrong" after login url when login is actually a registration.
In our case, you are absolutely right - after a registration, we drop the user into a welcoming onboarding flow intended to finish configuration for new users, so if they happened to click "Sign In" instead of "Sign Up", they don't get our welcoming page unless we hack that state outside of the Kratos system.
Retitled for specificity.
Another solution that would work—less preferable, but maybe easier—would be allowing us to disable creating accounts on sign in.