Hi.
I am working on allowing users to sign up for a new account during the sign in flow:
- User generates an OAuth login link via Hydra
- User is redirected by Hydra to the login provider on myapp.com/signin?login_challenge=xxxxxxx
- On the sign in page, we show “Don’t have a myapp account yet? Sign up here.” The user clicks on it
- We send the user to myapp.com/signup?returnTo=/%2Fsignin%3Flogin_challenge%3Dxxxxxxx
- User signs up, we redirect back to the login provider with the login_challenge in the returnTo param. We automatically sign the user in without showing the sign in page, using a cookie that was stored on the sign up page.
The problem is at step 5, when we redirect the user back to the login provider with the previous login challenge. If the login challenge expiration time is too short, by the time the user signs up and is redirected back, it will already have expired.
Does anyone know how long the login challenge is valid for?
Does this flow make sense?
Thanks.
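
The returnTo round trip in steps 4 and 5, as an added example that is not part of the original post: it builds the sign-up link and, after sign-up, only redirects when returnTo resolves to the same-origin /signin page with a login_challenge. APP_ORIGIN, buildSignupLink and safeReturnTo are hypothetical names, and https://myapp.com is an assumed origin.

```javascript
// Added example; all names below are hypothetical, not from Hydra or the post.
const APP_ORIGIN = "https://myapp.com"; // assumed origin of the login provider

// Step 4: build the sign-up link, carrying the sign-in URL (with its
// login_challenge) URL-encoded inside the returnTo parameter.
function buildSignupLink(loginChallenge) {
  const signin =
    "/signin?" + new URLSearchParams({ login_challenge: loginChallenge });
  return "/signup?" + new URLSearchParams({ returnTo: signin });
}

// Step 5: after sign-up, decide where to send the user.
// Returns a rebuilt same-origin /signin path, or null if returnTo is not
// one we issued. On null the caller should not redirect to the raw value.
function safeReturnTo(rawReturnTo) {
  if (typeof rawReturnTo !== "string" || !rawReturnTo.startsWith("/")) {
    return null;
  }
  let url;
  try {
    // Resolve the way a browser would, so "//host" and "/\host" end up
    // with a different origin and are rejected by the check below.
    url = new URL(rawReturnTo, APP_ORIGIN);
  } catch {
    return null;
  }
  if (url.origin !== APP_ORIGIN || url.pathname !== "/signin") return null;
  const challenge = url.searchParams.get("login_challenge");
  if (!challenge) return null;
  // Rebuild the path from the parsed parts instead of echoing the input.
  return "/signin?" + new URLSearchParams({ login_challenge: challenge });
}

// Constructed sample values, for illustration only.
const link = buildSignupLink("abc123");
const returned = new URL(link, APP_ORIGIN).searchParams.get("returnTo");
console.log(link, "->", safeReturnTo(returned));
console.log(safeReturnTo("//evil.example/signin?login_challenge=abc123"));
```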