The most scalable and customizable OpenID Certified™ OpenID Connect and OAuth Provider on the market. Become an OpenID Connect and OAuth2 Provider over night. Broad support for related RFCs. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
When a login or consent challenge expires Hydra returns a HTTP 401 with an error indicating the expiry. However this makes it hard for the consent app to resolve the error state. This issue will mostly arise when the user has requested a login form which embeds the login challenge, and they leave the form open until the challenge has expired. This is hard for the consent app to resolve as it can no longer view the login request at this point.
Was able to somewhat work around this by extracting the request url and return it as a hidden field in the login form. Then on login form submission I match the expired challenge errors, and redirect to the request url to restart the flow.
Preflight checklist
Ory Network Project
No response
Describe your problem
When a login or consent challenge expires Hydra returns a HTTP 401 with an error indicating the expiry. However this makes it hard for the consent app to resolve the error state. This issue will mostly arise when the user has requested a login form which embeds the login challenge, and they leave the form open until the challenge has expired. This is hard for the consent app to resolve as it can no longer view the login request at this point.
Describe your ideal solution
Ideally Hydra would return a HTTP 410 and include where the consent app should redirect to in order to resolve this error state. Like how hydra responds for handled challenges. https://github.com/ory/hydra/issues/2057#issuecomment-1432929642
Workarounds or alternatives
Was able to somewhat work around this by extracting the request url and return it as a hidden field in the login form. Then on login form submission I match the expired challenge errors, and redirect to the request url to restart the flow.
Version
2.2.0
Additional Context
No response