Hi!
We’re running Hydra alongside a web application and a mobile application.
Both are requesting openid offline
scope and a code
response type. The mobile application is using PKCE and providing a code_challenge
and code_challenge_method
.
As users log into the web application (multiple devices, browsers, etc) only a single consent session is ever created.
As users log into our mobile application we are seeing multiple consent sessions created that are missing login_challenge
and login_session_id
values. Only the first has these values set.
Any help determining why this is happening would be appreciated!