Kratos redirects twice to OIDC provider when missing traits #2863

Open
3 of 6 tasks
viters opened this issue Nov 4, 2022 · 5 comments · May be fixed by #4064
Labels
feat New feature or request.

Comments

@viters
Contributor

viters commented Nov 4, 2022

Preflight checklist

Describe the bug

https://www.ory.sh/docs/kratos/self-service/flows/user-registration#registration-with-google-facebook-github--openid-connect--oauth-20-1:~:text=What%20may%20also%20happen%20is%20that%20the%20Identity%20Schema%20JSON%20includes%20a%20field%20which%20is%20required%20but%20wasn%27t%20provided%20by%20the%20upstream%20identity%20provider%20(for%20example%20Google).%20In%20those%20cases%2C%20the%20end%2Duser%27s%20browser%20is%20returned%20to%20the%20registration%20screen%20with%20the%20form%20validation%20errors.

There is a common case where a user creates an account through OIDC and needs to set additional traits by himself.

Other platforms (like https://www.figma.com/, https://accounts.spotify.com/) have this scenario:

  1. Initialize sign up through Google
  2. Redirected to Google
  3. Pick Google account
  4. Redirect to sign up site
  5. Fill in the rest of traits
  6. Account created, user is logged in

In Kratos the process is:

  1. Initialize sign up through Google
  2. Redirected to Google
  3. Pick Google account
  4. Redirect to sign up site
  5. Fill in the rest of traits
  6. Redirected to Google
  7. Pick Google account
  8. Redirect to sign up site
  9. Account created, user is logged in

I feel that the current Kratos process is user-unfriendly and unclear about what is happening, especially if someone picks different accounts at steps 3 and 7.

Reproducing the bug

  1. Run the newest Kratos
  2. Configure Google OIDC
  3. Have at least 2 Google accounts logged in
  4. Prepare a schema with required traits without mapping them from the provider
  5. Try to register

Relevant log output

No response

Relevant configuration

No response

Version

0.10.1

On which operating system are you observing this issue?

No response

In which environment are you deploying?

No response

Additional Context

No response

@viters viters added the bug Something is not working. label Nov 4, 2022
@aeneasr
Member

aeneasr commented Nov 9, 2022

We definitely need to address this. This was originally done as a security measure, but the user experience with multiple Google accounts just is not good.

@netthier

Possibly a duplicate of #2635

@jakubfijalkowski

Hey, this one is somewhat of a blocker for us. Is fixing this on your roadmap, maybe?

@aeneasr
Member

aeneasr commented Jul 27, 2023

This can be addressed by providing a login_hint in the second redirect to the SSO provider (e.g. Google).
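
As an added illustration (not Kratos' own code and not code posted in this thread), the following Go snippet shows what "providing a login_hint in the second redirect" looks like from the relying party's side, and the check a practitioner would want next to it: login_hint is only a hint that the provider may ignore and that the user may override in the account picker, so the server must still compare the issuer and subject (iss, sub) returned by the second callback against the first before merging the two round trips into one registration. The type names, function names, the authorization endpoint, the callback URL, and all sample values are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// FirstRoundTrip is a hypothetical record of what the relying party learned
// from the first OIDC round trip: the ID token's issuer and subject, plus the
// e-mail claim (if any) that will be passed as login_hint the second time.
type FirstRoundTrip struct {
	Issuer  string // "iss" claim of the first ID token
	Subject string // "sub" claim of the first ID token
	Email   string // "email" claim, if the provider returned one
}

// BuildSecondAuthURL builds the authorization request for the second redirect
// to the provider. login_hint (OpenID Connect Core, section 3.1.2.1) tells the
// provider which account to preselect so the account picker is skipped.
// state and nonce must be fresh values for this request, not reused ones.
func BuildSecondAuthURL(authEndpoint, clientID, redirectURI, state, nonce string, first FirstRoundTrip) (string, error) {
	u, err := url.Parse(authEndpoint)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", "openid email profile")
	q.Set("state", state) // fresh CSRF-binding value for this request
	q.Set("nonce", nonce) // fresh nonce, bound to the new ID token
	if first.Email != "" {
		// Only a hint: the provider may ignore it and the user may still
		// pick a different account, hence VerifySameAccount below.
		q.Set("login_hint", first.Email)
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// ErrAccountMismatch is returned when the second round trip authenticated a
// different upstream account than the first.
var ErrAccountMismatch = errors.New("oidc: second callback authenticated a different account than the first")

// VerifySameAccount enforces what login_hint only suggests. It compares the
// (iss, sub) pair from the second ID token with the one recorded in the first
// round trip. E-mail is not a substitute: it can change or be unverified,
// while sub is the provider's stable identifier for the account.
func VerifySameAccount(first FirstRoundTrip, secondIssuer, secondSubject string) error {
	if first.Issuer != secondIssuer || first.Subject != secondSubject {
		return ErrAccountMismatch
	}
	return nil
}

func main() {
	// Constructed sample data; the subject value is made up.
	first := FirstRoundTrip{
		Issuer:  "https://accounts.google.com",
		Subject: "110169484474386276334",
		Email:   "alice@example.com",
	}
	u, err := BuildSecondAuthURL(
		"https://accounts.google.com/o/oauth2/v2/auth",
		"example-client-id",
		"https://rp.example/oidc/callback",
		"state-2", "nonce-2", first)
	if err != nil {
		panic(err)
	}
	fmt.Println(u)
	// Same account on the second callback: nil. Different account: ErrAccountMismatch.
	fmt.Println(VerifySameAccount(first, "https://accounts.google.com", "110169484474386276334"))
	fmt.Println(VerifySameAccount(first, "https://accounts.google.com", "someone-else"))
}
```

The mismatch branch is the part that matters for the "different accounts on step 3 and 7" case from the issue: with the hint in place the picker is normally skipped, but if the user does switch accounts the registration must be aborted (or restarted) rather than silently completed with a mix of data from two upstream identities.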


Hello contributors!

I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue

  • open a PR referencing and resolving the issue;
  • leave a comment on it and discuss ideas on how you could contribute towards resolving it;
  • leave a comment and describe in detail why this issue is critical for your use case;
  • open a new issue with updated details and a plan for resolving the issue.

Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.

Unfortunately, burnout has become a topic of concern amongst open-source projects.

It can lead to severe personal and health issues as well as opening catastrophic attack vectors.

The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.

If this issue was marked as stale erroneously you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.

Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!

Thank you 🙏✌️

@github-actions github-actions bot added the stale Feedback from one or more authors is required to proceed. label Jul 27, 2024
@alnr alnr reopened this Sep 10, 2024
@alnr alnr reopened this Oct 11, 2024
@alnr alnr reopened this Dec 23, 2024
@alnr alnr added backlog and removed stale Feedback from one or more authors is required to proceed. labels Dec 23, 2024
@github-actions github-actions bot removed the backlog label Dec 23, 2024
5 participants