You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hydra does not support simultaneous auth flows for the same client in the same browser.
Reproducing the bug
Initiate the hydra OIDC flow for the same client in two or more tabs of the same browser
Attempt to complete login in any except the last tab that initiated the flow
Error: request_forbidden reason:The CSRF value from the token does not match the CSRF value from the data store.
Relevant log output
No response
Relevant configuration
No response
Version
v2.2.0
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
I have an app that provides access to multiple services with the same OIDC identity and I would like to utilize hydra as my OIDC provider to login to that application. Our users may have multiple tabs open attempting to access different service providers through our application. Ideally, all logins could succeed.
Based on some of the comments on the pr that enabled simultaneous logins for different clients, it seems like your team was open to a CSRF cookie change that would enable simultaneous logins for the same client in the same browser. We could attempt to work on this if you are still open to it.
The text was updated successfully, but these errors were encountered:
Preflight checklist
Ory Network Project
No response
Describe the bug
Hydra does not support simultaneous auth flows for the same client in the same browser.
Reproducing the bug
request_forbidden reason:The CSRF value from the token does not match the CSRF value from the data store.Relevant log output
No response
Relevant configuration
No response
Version
v2.2.0
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
I have an app that provides access to multiple services with the same OIDC identity and I would like to utilize hydra as my OIDC provider to login to that application. Our users may have multiple tabs open attempting to access different service providers through our application. Ideally, all logins could succeed.
Based on some of the comments on the pr that enabled simultaneous logins for different clients, it seems like your team was open to a CSRF cookie change that would enable simultaneous logins for the same client in the same browser. We could attempt to work on this if you are still open to it.
The text was updated successfully, but these errors were encountered: