Hydra: Unable to return consent sessions for a user

Created on 6 Dec 2018  路  10Comments  路  Source: ory/hydra

Describe the bug

  1. Given a table with these values:
    screenshot 2018-12-06 at 12 35 04
  1. Making request for consent sessions with the user value matching the subject, nothing is returned
    screenshot 2018-12-06 at 14 07 54

Expected behavior
A list of the consent sessions

Version:

  • Environment: Docker
  • Version: v1.0.0-rc.2_oryOS.9-alpine
  • Database: Postgres 10.5
bug packagconsent

Most helpful comment

In the meanwhile, set remember to true and you will see the values, which should help you build the UI while the issue is being fixed.

All 10 comments

Could you include the whole table row? Things like "remember" and "remember_for" are important here!

Oh and could you please include logs :)

Another question @pixelblend , which DB are you using?

Logs:

auth_1      | time="2018-12-06T14:08:34Z" level=info msg="started handling request" method=GET remote="172.22.0.1:43768" request=/oauth2/auth/sessions/consent/018ae5e7-cdd2-4218-9c6b-a253541bb150
auth_1      | time="2018-12-06T14:08:34Z" level=info msg="completed handling request" measure#http://localhost:9000/.latency=12635900 method=GET remote="172.22.0.1:43768" request=/oauth2/auth/sessions/consent/018ae5e7-cdd2-4218-9c6b-a253541bb150 status=200 text_status=OK took=12.6359ms

JSON export of table:

[
  {
    "challenge": "bcfaf290bc7d4fdebbbaff174f145b67",
    "verifier": "6bb42f66b19a46a586c1209a0b51a82d",
    "client_id": "XXX",
    "subject": "018ae5e7-cdd2-4218-9c6b-a253541bb150",
    "request_url": "http://localhost:9000/oauth2/auth?brand=codeclub&client_id=union-dev&redirect_uri=http%3A%2F%2Flocalhost%3A3333%2Fcb&response_type=code&scope=openid+email+profile+force-consent&state=b63450d7ffab76cf61da52ba2f1a626224a54d7f5dd9e03a",
    "skip": false,
    "requested_scope": "openid|email|profile|force-consent",
    "csrf": "7ecca06501184ed78a4405711e2f487d",
    "authenticated_at": "2018-12-06 14:35:41.26738",
    "requested_at": "2018-12-06 14:35:37.320656",
    "oidc_context": "{}",
    "forced_subject_identifier": "",
    "login_session_id": null,
    "login_challenge": "7559294f0dc145f4accc6dfd9741c616",
    "requested_at_audience": "",
    "acr": ""
  }
]

Database is Postgres 10.5

Cool, that is really helpful. Could you do me another favor and give the output of:

SELECT h.*, r.* FROM
    hydra_oauth2_consent_request_handled as h
JOIN
    hydra_oauth2_consent_request as r ON (h.challenge = r.challenge)
WHERE
r.subject="<YOUR SUBJECT ID GOES HERE>"

and print the (redacted) output here?

Cool, that is really helpful. Could you do me another favor and give the output of:
and print the (redacted) output here?

[
  {
    "granted_scope": "openid|email|profile|force-consent",
    "remember": false,
    "remember_for": 3600,
    "error": "{}",
    "session_access_token": "{}",
    "session_id_token": "{\"email\":\"[email protected]\",\"email_verified\":true,\"name\":\"Jane Doe\",\"nickname\":\"Jane\",\"picture\":\"http://localhost:3000/profile/018ae5e7-cdd2-4218-9c6b-a253541bb150/avatar\",\"profile\":\"http://localhost:3000/profile\",\"uuid\":\"018ae5e7-cdd2-4218-9c6b-a253541bb150\"}",
    "was_used": true,
    "granted_at_audience": "",
    "challenge": "bcfaf290bc7d4fdebbbaff174f145b67",
    "verifier": "6bb42f66b19a46a586c1209a0b51a82d",
    "client_id": "XXX",
    "subject": "018ae5e7-cdd2-4218-9c6b-a253541bb150",
    "request_url": "http://localhost:9000/oauth2/auth?brand=XXX&client_id=SSS&redirect_uri=http%3A%2F%2Flocalhost%3A3333%2Fcb&response_type=code&scope=openid+email+profile+force-consent&state=b63450d7ffab76cf61da52ba2f1a626224a54d7f5dd9e03a",
    "skip": false,
    "requested_scope": "openid|email|profile|force-consent",
    "csrf": "7ecca06501184ed78a4405711e2f487d",
    "authenticated_at": "2018-12-06 14:35:41.26738",
    "requested_at": "2018-12-06 14:35:37.320656",
    "oidc_context": "{}",
    "forced_subject_identifier": "",
    "login_session_id": null,
    "login_challenge": "7559294f0dc145f4accc6dfd9741c616",
    "requested_at_audience": "",
    "acr": ""
  }
]

Ok so remember is set to false here, so the consent request has actually not been remembered. I realize that this is misleading as the app still has access. If it were set to true, you would see the values. I'll get onto that with the next release.

In the meanwhile, set remember to true and you will see the values, which should help you build the UI while the issue is being fixed.

Thanks, I'll give that a try.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

atbentley picture atbentley  路  3Comments

lpotherat picture lpotherat  路  7Comments

someone1 picture someone1  路  8Comments

aeneasr picture aeneasr  路  3Comments

audioXD picture audioXD  路  8Comments