The most scalable and customizable OpenID Certified™ OpenID Connect and OAuth Provider on the market. Become an OpenID Connect and OAuth2 Provider over night. Broad support for related RFCs. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
We have a web based application on which multiple links perform oauth2 login with hydra and use cookie to avoid login screen again (single sign on).
During every login from each link, single session cookie is getting updated.
We enforce logout on main web based application and not on all links (that perform oauth2 login)
Eventually, when we perform logout from any client (we pass id token hint and post logout url), we want that cookie to be cleared and perform redirect to the main application (on which logout was called)
Expected Behavior:
Remove session cookie and redirect to the client.
Actual Behavior:
When using logout, it does not remove the cookie as that was replaced by the other client.
Note that if we dont use id token hint, it removes the cookie correctly, but then it cannot redirect back to the client as post logout url cannot be passed in the logout flow without id token hint
If we use id token hint, it does not clear cookie in all scenario, but redirect to the client as per post logout url works correctly.Has anyone faced this issue?
Any workaround with this?
Appreciate your help!
Reproducing the bug
mentioned in description
Relevant log output
No response
Relevant configuration
No response
Version
hydra 2.x
On which operating system are you observing this issue?
Preflight checklist
Ory Network Project
No response
Describe the bug
We have a web based application on which multiple links perform oauth2 login with hydra and use cookie to avoid login screen again (single sign on). During every login from each link, single session cookie is getting updated. We enforce logout on main web based application and not on all links (that perform oauth2 login)
Eventually, when we perform logout from any client (we pass id token hint and post logout url), we want that cookie to be cleared and perform redirect to the main application (on which logout was called)
Expected Behavior: Remove session cookie and redirect to the client.
Actual Behavior: When using logout, it does not remove the cookie as that was replaced by the other client.
Note that if we dont use id token hint, it removes the cookie correctly, but then it cannot redirect back to the client as post logout url cannot be passed in the logout flow without id token hint If we use id token hint, it does not clear cookie in all scenario, but redirect to the client as per post logout url works correctly.Has anyone faced this issue?
Any workaround with this?
Appreciate your help!
Reproducing the bug
mentioned in description
Relevant log output
No response
Relevant configuration
No response
Version
hydra 2.x
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response