Redirect URI additional query params


#1

Is it possible to implement the hydra consent workflow without a cache?

At the end of the callback function we’d like to return the JSONAPI data related to the user that has consented. However, the request to handleCallback doesn’t appear to have any data related to the user, only to the token information. We tried adding the profile ID to the redirect URI as a query param; however hydra strips it out by the time we hit the callback.
This suggests we either have to cache the user/token from an earlier request (login or consent) or we’re missing something about how to pass user-information to the redirect URI which the callback API handles.

Unlike the example app, we don’t have this all in one file. We would prefer our consent app to remain stateless.

Is there a way to pass information between the login & consent that would be visible by the time the callback request is made - even if its just a user id? Or is there something we’re misunderstanding?

Thanks for your help in advance.


#2

Not sure if I understand you correctly, but I it sounds like you should be using the OpenID Connect to get profile information (use scopes openid).

You can disable Hydra’s consent cache with prompt=login (also OpenID Connect)

Redirect parameters have to match precisely unfortunately, including query params.


#3

Apologies for the late reply.

The answer lay with the oAuth2TokenIntrospection.Sub with SDK.IntrospectOAuth2Token.Sub where we were able to define the subject of the token. This allowed us to set and retrieve the userID to hydrate the profile we needed. Thanks


#4

Perfect, glad you got it working!


#5

I also interesting this this issue. So where I put this statement? In query of URL when invoke to ORY Hydra to login?


#6

Please read https://connect2id.com/learn/openid-connect