LoginRequest's skip field is set to true for another client / different scopes #3862
Unanswered
clement-buchart
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
The documentation for the
skip
field of the LoginRequest says :Yet, if i authenticate with clientA on websiteA, and then start a login flow with clientB on websiteB, requesting an additional scope, the login request still has the
skip
parameter to true.Looking at the code, I don't see any check on the scope or client when deciding to skip the login.
It seems like skip is simply set to true if while processing the request, the subject is known :
hydra/consent/strategy_default.go
Lines 202 to 204 in 9cc5f28
Which of course is the case if a previous session is found via cookie. :
https://github.com/ory/hydra/blob/9cc5f28825bb80398a9830d4fcb220147f74504c/consent/strategy_default.go#L123C32-L169
Is this a bug or just a documentation oversight ?
Cheers,
Clément.
Beta Was this translation helpful? Give feedback.
All reactions