Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Settings flow does not have link option with OIDC & Password methods enabled #4185

Open
4 of 5 tasks
Matthias64 opened this issue Oct 31, 2024 · 0 comments
Open
4 of 5 tasks

Settings flow does not have link option with OIDC & Password methods enabled #4185

Matthias64 opened this issue Oct 31, 2024 · 0 comments
Labels
bug Something is not working.

Comments

@Matthias64
Copy link

Matthias64 commented Oct 31, 2024
edited
Loading

Preflight checklist

Ory Network Project

Ory Kratos Self hosted v1.3.1

Describe the bug

Hello,

I am having an issue when trying to use settings flow to link an identity registered using Password method with its Google account.

Google OIDC and password registration/login are working perfectly fine but when I have signed up with password and create a settings flow, I have no option to link to OIDC, there is no node with type oidc.

What I have tried :

  1. Checked the logs, there is no error.
  2. Checked that this identity was not already linked to Google
  3. Tested with different versions of Ory Kratos v.1.1.0, v1.3.0 & v1.3.1.
  4. Enabled verification flow, verify my account email (both with Google & Email sign up)
  5. Enabled the flag enable_legacy_one_step

It did not give any result. I also tried @kapa.ai chatbot in Ory Slack but it did not propose any additional solution

Reproducing the bug

  1. Create a registration flow GET /self-service/registration/api
  2. Submit registration flow POST /self-service/registration?flow=d41fafbd-d0ee-4be7-8e14-800070c03e14 with payload
{
    "traits.email": "[email protected]", 
    "password": "MySuperPass*", 
    "method": "password"
}
  1. Create a settings flow GET /self-service/settings/api using header X-Session-Token
  2. There is no node of type oidc e.g.
{
    "id": "28b3fbcf-4367-445f-99fa-181d368d5012",
    "type": "api",
    "expires_at": "2024-10-31T17:05:26.035126414Z",
    "issued_at": "2024-10-31T16:05:26.035126414Z",
    "request_url": "http://127.0.0.1:4433/self-service/settings/api",
    "ui": {
        "action": "http://matthias.local/kratos/self-service/settings?flow=28b3fbcf-4367-445f-99fa-181d368d5012",
        "method": "POST",
        "nodes": [
            {
                "type": "input",
                "group": "default",
                "attributes": {
                    "name": "csrf_token",
                    "type": "hidden",
                    "value": "",
                    "required": true,
                    "disabled": false,
                    "node_type": "input"
                },
                "messages": [],
                "meta": {}
            },
            {
                "type": "input",
                "group": "profile",
                "attributes": {
                    "name": "traits.email",
                    "type": "email",
                    "value": "[email protected]",
                    "required": true,
                    "autocomplete": "email",
                    "disabled": false,
                    "node_type": "input"
                },
                "messages": [],
                "meta": {
                    "label": {
                        "id": 1070002,
                        "text": "E-Mail",
                        "type": "info",
                        "context": {
                            "title": "E-Mail"
                        }
                    }
                }
            },
            {
                "type": "input",
                "group": "profile",
                "attributes": {
                    "name": "method",
                    "type": "submit",
                    "value": "profile",
                    "disabled": false,
                    "node_type": "input"
                },
                "messages": [],
                "meta": {
                    "label": {
                        "id": 1070003,
                        "text": "Save",
                        "type": "info"
                    }
                }
            },
            {
                "type": "input",
                "group": "password",
                "attributes": {
                    "name": "password",
                    "type": "password",
                    "required": true,
                    "autocomplete": "new-password",
                    "disabled": false,
                    "node_type": "input"
                },
                "messages": [],
                "meta": {
                    "label": {
                        "id": 1070001,
                        "text": "Password",
                        "type": "info"
                    }
                }
            },
            {
                "type": "input",
                "group": "password",
                "attributes": {
                    "name": "method",
                    "type": "submit",
                    "value": "password",
                    "disabled": false,
                    "node_type": "input"
                },
                "messages": [],
                "meta": {
                    "label": {
                        "id": 1070003,
                        "text": "Save",
                        "type": "info"
                    }
                }
            }
        ]
    },
    "identity": {
        "id": "9440d5ac-d8e0-45f0-97af-8e40d1305a6c",
        "schema_id": "default",
        "schema_url": "http://matthias.local/kratos/schemas/ZGVmYXVsdA",
        "state": "active",
        "state_changed_at": "2024-10-31T16:05:19.03194Z",
        "traits": {
            "email": "[email protected]"
        },
        "verifiable_addresses": [
            {
                "id": "fa15a1f9-96f2-4118-ab84-21f0cae40ba8",
                "value": "[email protected]",
                "verified": false,
                "via": "email",
                "status": "pending",
                "created_at": "2024-10-31T16:05:19.033233Z",
                "updated_at": "2024-10-31T16:05:19.033233Z"
            }
        ],
        "recovery_addresses": [
            {
                "id": "d404d32a-8269-4367-8e97-8df383d9cdba",
                "value": "[email protected]",
                "via": "email",
                "created_at": "2024-10-31T16:05:19.033807Z",
                "updated_at": "2024-10-31T16:05:19.033807Z"
            }
        ],
        "metadata_public": null,
        "created_at": "2024-10-31T16:05:19.032667Z",
        "updated_at": "2024-10-31T16:05:19.032667Z",
        "organization_id": null
    },
    "state": "show_form"
}

Relevant log output

No response

Relevant configuration

version: v1.3.1
serve:
  public:
    base_url: http://matthias.local/kratos
    cors:
      enabled: true
  admin:
    base_url: http://matthias.local/kratos-admin
selfservice:
  default_browser_return_url: matthias://kratos_social_sign_in_return_url
  methods:
    password:
      enabled: true
    oidc:
      enabled: true
      config:
        providers:
        - id: google
          provider: google
          client_id: "XXXX.apps.googleusercontent.com"
          client_secret: "XXXX"
          mapper_url: file:///home/ory/schemas/oidc/google.jsonnet
          scope:
            - email
            - profile
          requested_claims:
            id_token:
              email:
                essential: true
              email_verified:
                essential: true
              given_name:
                essential: true
              family_name: null
              hd: null
  flows:
    settings:
      privileged_session_max_age: 24h
    registration:
      lifespan: 10m
      after:
        password:
          hooks:
            - hook: session
identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///home/ory/identity.schema.json

Version

Ory Kratos Self hosted v1.3.1

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes

Additional Context

Google Jsonnet config :

{
  identity: {
    traits: {
      email: claims.email,
    },
  },
}

Identity schema :

{
  "$id": "schemaV0.0.1",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "title": "E-Mail",
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            },
            "recovery": {
              "via": "email"
            },
            "verification": {
              "via": "email"
            }
          },
          "maxLength": 320
        }
      },
      "required": [
        "email"
      ]
    }
  }
}
@Matthias64 Matthias64 added the bug Something is not working. label Oct 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something is not working.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Matthias64