fix: OIDC login in browser JSON flow

ory · May 9, 2023 · 5f5d619 · 5f5d619
1 parent 6db70a8
commit 5f5d619
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go
@@ -215,6 +215,14 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, g n
 		// Browser flows rely on cookies. Adding tokens in the mix will confuse consumers.
 		s.Token = ""
 
+		// Optionally accept the OIDC login request here.
+		if a.OAuth2LoginChallenge.Valid {
+			_, err := e.d.Hydra().AcceptLoginRequest(r.Context(), a.OAuth2LoginChallenge.UUID, i.ID.String(), s.AMR)
+			if err != nil {
+				return err
+			}
+		}
+
 		response := &APIFlowResponse{Session: s}
 		if required, _ := e.requiresAAL2(r, s, a); required {
 			// If AAL is not satisfied, we omit the identity to preserve the user's privacy in case of a phishing attack.