Open louischan-oursky opened 1 week ago
@louischan how did you find this out and what use case will be affected? im evaluating the priority
I found this out when I wrote e2e tests for account linking. Default authflow will NOT be affected. This issue only affects custom authflows that have two consecutive steps that take the same input, like creating two emails in a row during signup.
Currently when we feed input to a authflow, we feed the same input indefinitely until the authflow no longer react. It is a problem when two consecutive steps consume the same input, for example, two consecutive step of
identification: email
in a signup flow. The second step will consume the same input, causing a duplicated identity error.Conceptually, processing an input should be like consuming tokens in a parser. The consumed token will not be passed to the next parser.