Signup during signin


#1

Hi.

I am working on allowing users to sign up for a new account during the sign in flow:

  1. User generates an OAuth login link via Hydra
  2. User is redirected by Hydra to the login provider on myapp.com/signin?login_challenge=xxxxxxx
  3. On the sign in page, we show “Don’t have a myapp account yet? Sign up here.” The user clicks on it
  4. We send the user to myapp.com/signup?returnTo=/%2Fsignin%3Flogin_challenge%3Dxxxxxxx
  5. User signs up, we redirect back to the login provider with the login_challenge in the returnTo param. We automatically sign the user in, without showing the sign in page, using a cookie that was stored on the sign up page.

The problem is at step 5, when we redirect the user back to the login provider with the previous login challenge. If the login challenge expiration time is too short, by the time the user signs up and is redirected back it will have already expired.

Does anyone know how long the login challenge is valid for?
Does this flow make sense?

Thanks.


#2
```
$ hydra help serve | grep LIFESPAN
- AUTH_CODE_LIFESPAN: Lifespan of OAuth2 authorize codes. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
        Defaults to AUTH_CODE_LIFESPAN=10m
- ID_TOKEN_LIFESPAN: Lifespan of OpenID Connect ID Tokens. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
        Defaults to ID_TOKEN_LIFESPAN=1h
- ACCESS_TOKEN_LIFESPAN: Lifespan of OAuth2 access tokens. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
        Defaults to ACCESS_TOKEN_LIFESPAN=1h
- CHALLENGE_TOKEN_LIFESPAN: Lifespan of OAuth2 consent tokens. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
        Defaults to CHALLENGE_TOKEN_LIFESPAN=10m
```

#3

Cool!
10 minutes should be enough to sign up.
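
Added example, not part of the thread and not Hydra or myapp.com code: one way the signup handler could check the returnTo value from step 4 before redirecting in step 5, and restart the OAuth flow instead when the challenge is older than the 10m default shown above. APP_ORIGIN, the firstSeenMs timestamp (when the sign-in page first received the challenge, kept server-side) and the challenge character set are assumptions.

```javascript
// Assumed values for illustration; adjust to the real deployment.
const APP_ORIGIN = "https://myapp.com";
const SIGNIN_PATH = "/signin";
const CHALLENGE_LIFESPAN_MS = 10 * 60 * 1000; // CHALLENGE_TOKEN_LIFESPAN=10m

// Returns a same-origin path that is safe to redirect to, or null when the
// value must be discarded and the OAuth flow restarted from step 1.
function resolveReturnTo(returnTo, firstSeenMs, nowMs = Date.now()) {
  if (typeof returnTo !== "string" || returnTo.length > 2048) return null;
  // Exactly one leading slash: "//host" and "/\host" point at another origin.
  if (!/^\/[^/\\]/.test(returnTo)) return null;

  let url;
  try {
    url = new URL(returnTo, APP_ORIGIN);
  } catch {
    return null;
  }
  // Re-check after parsing: the URL parser strips tabs/newlines and resolves "..".
  if (url.origin !== APP_ORIGIN || url.pathname !== SIGNIN_PATH) return null;

  // Carry over the opaque challenge only; any other parameter is rejected.
  const keys = [...url.searchParams.keys()];
  if (keys.length !== 1 || keys[0] !== "login_challenge") return null;
  const challenge = url.searchParams.get("login_challenge");
  if (!/^[A-Za-z0-9_-]{1,1024}$/.test(challenge)) return null; // assumed charset

  // First seen at least one lifespan ago: going back would hit an expired challenge.
  if (nowMs - firstSeenMs >= CHALLENGE_LIFESPAN_MS) return null;

  // Rebuild the path from validated parts instead of echoing the input.
  return `${SIGNIN_PATH}?login_challenge=${encodeURIComponent(challenge)}`;
}
```

A null result means the signup page should send the user back to the client to start a new authorization request rather than to the old challenge.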