Roy Scheeren

Ory Hydra: No CSRF value available in the session cookie

I have an endpoint that attempts the following:

```js
// Fetch the login request, then accept it for a fixed subject
const login = await oidc
  .getOAuth2LoginRequest({ loginChallenge })
  .then(() =>
    oidc
      .acceptOAuth2LoginRequest({
        loginChallenge,
        acceptOAuth2LoginRequest: {
          subject: 'Roy',
          remember: Boolean(false),
          remember_for: 3600,
          acr: '0',
        },
      })
      .then(({ data }) => data))
// Redirect to the URL returned by Hydra
res.redirect(login.redirect_to)
```

I receive the following error: "The request is not allowed. No CSRF value available in the session cookie."

If I do the following:

```js
res.status(200).json({message: login.redirect_to})
```

and follow that returned redirect link from the client, the consent endpoint gets called and everything works.

According to this: https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow I should redirect from the API directly. I'm not sure why this is the case. My stack is Ory Hydra (local Docker env), Next.js and NextAuth. Is there anyone able to help?

Upvotes: 2

Views: 346

Answers (0)
