Accept Login Request endpoint Needs redirect URLs for 409 and 410 Responses
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Network project.
- [X] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe the bug
In the case of a "double submit" to the accept login request endpoint, one of the accept login requests works and returns a redirect to Hydra with a `login_verifier`, which redirects on to the consent URL.
But if another accept login request then comes in with the same `login_challenge`, Hydra returns a 409 Conflict, which makes it impossible to get another URL with a `login_verifier`, so that we could still redirect to the consent URL in the end.
Instead, we can only make the user restart entirely, get a new login challenge, and enter their credentials again.
Would it make sense to add additional formal responses to handle the conflict and gone use cases and return an appropriate redirect URL? For a 409 Conflict, return the same redirect URL as for the previous request. For a 410 Gone, return a URL to restart the auth process.
Reproducing the bug
- Start a login request
- Call the accept login request endpoint with the `login_challenge`; note the 200 response with a `redirect_to` field in the response
- Call the accept login request endpoint again with the same `login_challenge`; note the 409 response and no `redirect_to` field in the response
Relevant log output
No response
Relevant configuration
No response
Version
1.11.10
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes with Helm
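The double-submit scenario above, reproduced as an added example (this is neither the reporter's code nor Ory Hydra's): a login-provider-side wrapper that remembers the `redirect_to` it received for each `login_challenge`, so a second submit of the same challenge replays the first redirect instead of surfacing Hydra's 409, and maps a 410 to a "restart the flow" error. It assumes the Hydra 1.x admin route `PUT /oauth2/auth/requests/login/accept?login_challenge=...` with a JSON body containing `subject`; `LoginAcceptor`, `ErrChallengeGone`, `FakeHydra` and the `hydra.example` host are names made up for this example, and `FakeHydra` is a constructed stand-in that mimics the responses described in the report rather than a real Hydra.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"sync"
)

// acceptResponse carries the one field of Hydra's accept-login response used here.
type acceptResponse struct {
	RedirectTo string `json:"redirect_to"`
}

// ErrChallengeGone maps a 410 from Hydra: the challenge expired, restart the flow.
var ErrChallengeGone = errors.New("login_challenge gone (410): restart the authorization flow")

// LoginAcceptor (hypothetical name) wraps the accept endpoint on the login-provider side.
// It serializes accepts and caches redirect_to per login_challenge, so a double submit
// within this process replays the first answer instead of hitting Hydra's 409.
type LoginAcceptor struct {
	adminURL string
	client   *http.Client
	mu       sync.Mutex
	accepted map[string]string // login_challenge -> redirect_to
}

func NewLoginAcceptor(adminURL string) *LoginAcceptor {
	return &LoginAcceptor{adminURL: adminURL, client: http.DefaultClient, accepted: map[string]string{}}
}

// Accept returns the redirect_to for challenge, calling Hydra at most once per challenge.
func (a *LoginAcceptor) Accept(challenge, subject string) (string, error) {
	a.mu.Lock() // held across the upstream call so concurrent submits of one challenge do not race
	defer a.mu.Unlock()
	if r, ok := a.accepted[challenge]; ok {
		return r, nil // double submit: replay the first redirect
	}
	body, _ := json.Marshal(map[string]string{"subject": subject})
	endpoint := a.adminURL + "/oauth2/auth/requests/login/accept?login_challenge=" + url.QueryEscape(challenge)
	req, err := http.NewRequest(http.MethodPut, endpoint, bytes.NewReader(body))
	if err != nil {
		return "", err
	}
	req.Header.Set("Content-Type", "application/json")
	resp, err := a.client.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK:
		var ar acceptResponse
		if err := json.NewDecoder(resp.Body).Decode(&ar); err != nil {
			return "", err
		}
		a.accepted[challenge] = ar.RedirectTo
		return ar.RedirectTo, nil
	case http.StatusConflict:
		// Accepted earlier but not cached here (other replica, restart): the login_verifier
		// cannot be recovered, which is exactly the gap the report describes.
		return "", fmt.Errorf("login_challenge %q already accepted (409), no redirect_to cached: restart the flow", challenge)
	case http.StatusGone:
		return "", ErrChallengeGone
	default:
		return "", fmt.Errorf("unexpected status %d from accept endpoint", resp.StatusCode)
	}
}

// FakeHydra is a constructed stand-in for the admin API: 200 with redirect_to on the first
// accept of a challenge, 409 on any repeat, and 410 for the challenge named "expired".
type FakeHydra struct {
	*httptest.Server
	mu    sync.Mutex
	used  map[string]bool
	calls int
}

func NewFakeHydra() *FakeHydra {
	f := &FakeHydra{used: map[string]bool{}}
	f.Server = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		f.mu.Lock()
		defer f.mu.Unlock()
		f.calls++
		c := r.URL.Query().Get("login_challenge")
		switch {
		case c == "expired":
			w.WriteHeader(http.StatusGone)
		case f.used[c]:
			w.WriteHeader(http.StatusConflict) // the behaviour reported in this issue
		default:
			f.used[c] = true
			w.Header().Set("Content-Type", "application/json")
			json.NewEncoder(w).Encode(acceptResponse{RedirectTo: "https://hydra.example/oauth2/auth?login_verifier=" + c + "-verifier"})
		}
	}))
	return f
}

// Calls reports how many accept requests reached the fake.
func (f *FakeHydra) Calls() int { f.mu.Lock(); defer f.mu.Unlock(); return f.calls }

func main() {
	hydra := NewFakeHydra()
	defer hydra.Close()
	acc := NewLoginAcceptor(hydra.URL)
	first, _ := acc.Accept("ch-123", "alice")
	second, _ := acc.Accept("ch-123", "alice") // double submit, served from cache
	fmt.Println(first == second, hydra.Calls())
	_, err := NewLoginAcceptor(hydra.URL).Accept("ch-123", "alice") // no cache: raw 409
	fmt.Println(err)
}
```

The cache only helps when the duplicate lands on the same process; with several login-provider replicas (the Kubernetes deployment above), the second submit can still reach an instance that has never seen the challenge and gets the bare 409, which is why the redirect really needs to come back from Hydra itself as the report proposes. A shared store keyed by `login_challenge` narrows that window but does not close it, and whatever is cached must be scoped to the challenge that was actually accepted, never reused across users.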