When users have a session and they are redirected to the registration UI on the account experience, they will end up on the /welcome page. This is due to the session check happening in the Express middleware. This is incorrect behavior since the redirect to the welcome route is hard-coded and not an ideal route to leave the user at.
In OAuth flows, this is even more confusing, since the OAuth flow has its own logic when a session is present. OAuth flows usually redirect to the consent route if a session is present and there were no subject mismatches.
This PR removes the session check middleware on the registration route and allows Kratos to handle the redirect logic for us.
[ ] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security vulnerability, I confirm that I got approval (please contact security@ory.sh) from the maintainers to push the changes.
[ ] I have added tests that prove my fix is effective or that my feature works.
[ ] I have added the necessary documentation within the code base (if appropriate).
Related Issue or Design Document
https://github.com/ory-corp/cloud/issues/5493
https://github.com/ory/kratos/pull/3592