We are running an app as a communication widget within MS Dynamics using Dynamics 365 Channel Integration Framework 2.0 and are self-hosting Ory Kratos. The Ory Kratos service has been started in production mode by omitting the --dev flag; all traffic runs over HTTPS.
We configured Kratos to use same_site: None for cookies.
When redirecting to the chosen provider, we get an error message.
"code": 400,
"debug": "key ory_kratos_oidc_auth_code_session does not exist in cookie: ory_kratos_continuity...
"reason": "The browser does not contain the necessary cookie to resume the session. This is a security violation and was blocked. Please clear your browser's cookies and cache and try again!",
"status": "Bad Request",
"message": "no resumable session found"
We can see from Chrome DevTools that the cookie ory_kratos_continuity was set, but with SameSite=Lax.
Why are cookie settings not applied?
Reproducing the bug
add/edit cookie setting same_site in kratos.yml
restart kratos service in production mode (omit --dev flag)
Preflight checklist
Ory Network Project
No response
Relevant log output
Relevant configuration
Version
Ory Kratos service_version v0.10.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Other
Additional Context
Microsoft Dynamics 365 Channel Integration Framework 2.0
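Added example, not part of the original report and not Ory's code: a small check that classifies Set-Cookie headers by whether the browser will send the cookie back when the app runs embedded in another site, which is the condition the continuity cookie has to meet here. The header values are constructed samples, the function names are hypothetical, and it assumes the widget is loaded in a cross-site frame and that the browser applies Chrome's SameSite rules.

```python
# Constructed Set-Cookie values for illustration; not captured Kratos output.
SAMPLE_HEADERS = [
    "ory_kratos_continuity=CONSTRUCTED==; Path=/; HttpOnly; Secure; SameSite=Lax",
    "ory_kratos_continuity=CONSTRUCTED==; Path=/; HttpOnly; Secure; SameSite=None",
    "ory_kratos_continuity=CONSTRUCTED==; Path=/; HttpOnly; SameSite=None",
    "ory_kratos_continuity=CONSTRUCTED==; Path=/; HttpOnly; Secure",
]


def parse_set_cookie(header):
    """Return (cookie name, attributes) with attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    # Only the first "=" separates name from value; values may contain "=".
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def cross_site_verdict(header):
    """Classify one Set-Cookie header for use in a cross-site embedded context.

    Returns (name, verdict, reason); verdict is "sent", "rejected" or "blocked".
    """
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if samesite == "none" and secure:
        return name, "sent", "SameSite=None with Secure"
    if samesite == "none":
        return name, "rejected", "SameSite=None without Secure is dropped by the browser"
    if samesite == "":
        return name, "blocked", "no SameSite attribute, treated as Lax by default"
    return name, "blocked", "SameSite=%s is withheld in a cross-site frame" % samesite


def audit(headers, cookie_name):
    """Return verdicts for every header that sets the named cookie."""
    results = [cross_site_verdict(h) for h in headers]
    return [r for r in results if r[0] == cookie_name]


if __name__ == "__main__":
    for name, verdict, reason in audit(SAMPLE_HEADERS, "ory_kratos_continuity"):
        print("%-24s %-9s %s" % (name, verdict, reason))
```

To use it on a real deployment, replace SAMPLE_HEADERS with the Set-Cookie values copied from the response that starts the OIDC redirect.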