Redirect problem after login to refresh privileged session
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [X] This issue affects my Ory Cloud project.
- [ ] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe the bug
When the user needs to log in to refresh a privileged session (e.g. from the settings page), they are redirected from the current page to the login page with the following return_to URL:
http://ory.domain.com/self-service/settings?flow=FLOW_ID
After a successful login, the login page should redirect the user to the address at return_to (above).
Redirecting the user there ends up in the settings page. Calling GetSelfServiceSettingsFlow at that stage provides a flow with the error below and the user needs to repeat the last action:
Unable to decode body because HTTP Request Method was "GET" but only [POST PUT PATCH] are supported.
We assume this is a bug and that at this stage we should have a settings flow updated after completing the operation the user tried to perform. We also tried to compare the settings flow from the first call and after the login, but they are pretty much the same, so no clue on what should be done differently.
Please advise.
Reproducing the bug
- Configure your Ory Session privileged timeout to a small interval (e.g. 30s)
- Go to your custom Kratos UI settings page
- Execute a privileged action (e.g. reveal backup recovery codes)
- Wait for redirect to login
- Enter the correct credentials
- Wait for redirect back to settings
- The error message is shown and the privileged action is not executed
Relevant log output
No response
Relevant configuration
No response
Version
0.0.1-alpha.169
On which operating system are you observing this issue?
Windows
In which environment are you deploying?
Docker Compose
Additional Context
No response