Login self service flow with TOTP does not pass on return_to URL #2172

Closed
6 tasks done
sawadashota opened this issue Jan 26, 2022 · 0 comments
Labels
bug Something is not working.

Comments

@sawadashota
Contributor

Preflight checklist

Describe the bug

The login self-service flow with TOTP does not pass on the return_to URL. This behavior prevents logging in through the Authorization Code Flow, because Kratos cannot redirect back to the OIDC login endpoint with the login_challenge parameter.

Reproducing the bug

  1. Run docker-compose -f quickstart.yml -f quickstart-postgres.yml -f quickstart-oathkeeper.yml up
  2. Open http://127.0.0.1:4455/welcome and register an account
  3. Configure the TOTP authenticator app (2FA) on the settings page
  4. Log out
  5. Open the login page with a return_to URL parameter: http://127.0.0.1:4455/.ory/kratos/public/self-service/login/browser?return_to=/settings
  6. Log in
  7. Expected /settings to be shown, but the /welcome page is shown. (When I unlink the TOTP configuration, the return_to parameter works.)

Relevant log output

No response

Relevant configuration

version: v0.7.1-alpha.1

dsn: memory

serve:
  public:
    base_url: http://127.0.0.1:4433/
    cors:
      enabled: true
  admin:
    base_url: http://kratos:4434/

selfservice:
  default_browser_return_url: http://127.0.0.1:4455/
  whitelisted_return_urls:
    - http://127.0.0.1:4455

  methods:
    password:
      enabled: true
    totp:
      enabled: true

  flows:
    error:
      ui_url: http://127.0.0.1:4455/error

    settings:
      ui_url: http://127.0.0.1:4455/settings
      privileged_session_max_age: 15m

    recovery:
      enabled: true
      ui_url: http://127.0.0.1:4455/recovery

    verification:
      enabled: true
      ui_url: http://127.0.0.1:4455/verification
      after:
        default_browser_return_url: http://127.0.0.1:4455/

    logout:
      after:
        default_browser_return_url: http://127.0.0.1:4455/login

    login:
      ui_url: http://127.0.0.1:4455/login
      lifespan: 10m

    registration:
      lifespan: 10m
      ui_url: http://127.0.0.1:4455/registration
      after:
        password:
          hooks:
            - hook: session

log:
  level: debug
  format: text
  leak_sensitive_values: true

secrets:
  cookie:
    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
  cipher:
    - 32-LONG-SECRET-NOT-SECURE-AT-ALL

ciphers:
  algorithm: xchacha20-poly1305

hashers:
  algorithm: bcrypt
  bcrypt:
    cost: 8

identity:
  default_schema_url: file:///etc/config/kratos/identity.schema.json

courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true

Version

v0.8.2-alpha.1

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

Docker Compose

Additional Context

No response
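The `selfservice.whitelisted_return_urls` entry in the configuration above is what makes a `return_to` parameter safe to honour at all: a flow that carries `return_to` through every step (including the TOTP second factor) must also re-check it against that allowlist before redirecting. The following is an added example written for this page, not Kratos's own implementation, of such a check. It uses the same single allowlist entry as the reporter's config and shows the open-redirect shapes it has to reject. The base URL used to resolve relative paths such as `/settings` (`http://127.0.0.1:4455/`) is an assumption, as are the function and helper names.

```python
"""Allowlist check for a self-service `return_to` parameter.

Example code written for this issue, not Kratos's implementation. It mirrors
the `selfservice.whitelisted_return_urls` entry from the reporter's config and
shows which return_to shapes such a check must reject.
"""
from urllib.parse import urljoin, urlsplit

# Same single entry as in the issue's config.
ALLOWED_RETURN_URLS = ["http://127.0.0.1:4455"]

# Assumption for this example: relative paths such as "/settings" are resolved
# against the UI origin; the real resolution base is a Kratos config detail.
RESOLVE_BASE_URL = "http://127.0.0.1:4455/"

_DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Return (scheme, host, port) or None when the URL has no usable origin."""
    parts = urlsplit(url)
    if parts.scheme not in _DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port  # raises ValueError for "127.0.0.1:4455.evil.example"
    except ValueError:
        return None
    return (parts.scheme, parts.hostname.lower(), port or _DEFAULT_PORTS[parts.scheme])


def _path_allowed(allowed_path, path):
    """Prefix match on path segments: "/app" allows "/app/x" but not "/application"."""
    allowed_path = allowed_path.rstrip("/")
    if not allowed_path:
        return True
    return path == allowed_path or path.startswith(allowed_path + "/")


def resolve_return_to(candidate, allowed=ALLOWED_RETURN_URLS, base_url=RESOLVE_BASE_URL):
    """Return the absolute URL to redirect to, or None if return_to is not allowed.

    Rejects: other origins, scheme-relative "//host" URLs, userinfo tricks
    ("host:port@evil"), non-numeric port suffixes, backslashes (browsers treat
    "\\" as "/", turning "/\\evil" into "//evil"), whitespace/control characters,
    and non-http(s) schemes such as javascript:.
    """
    if not candidate:
        return None
    if "\\" in candidate or any(ch.isspace() or ord(ch) < 0x20 for ch in candidate):
        return None
    absolute = urljoin(base_url, candidate)
    origin = _origin(absolute)
    if origin is None:
        return None
    path = urlsplit(absolute).path or "/"
    for entry in allowed:
        if _origin(entry) == origin and _path_allowed(urlsplit(entry).path, path):
            return absolute
    return None


if __name__ == "__main__":
    # Constructed probes: the reporter's value plus common bypass shapes.
    for probe in ["/settings", "//evil.example/", "http://127.0.0.1:4455.evil.example/",
                  "http://127.0.0.1:4455@evil.example/", "/\\evil.example", "javascript:alert(1)"]:
        print(f"{probe!r:45} -> {resolve_return_to(probe)}")
```

Origin comparison is done on the (scheme, host, port) triple rather than on string prefixes, because `http://127.0.0.1:4455.evil.example/` and `http://127.0.0.1:4455@evil.example/` both start with the allowlisted string yet land on a different host.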
