diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 5883c48fe970..66de098ef798 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -1109,19 +1109,6 @@ paths: More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). operationId: initializeSelfServiceLoginFlowForBrowsers parameters: - - description: |- - An optional Hydra login challenge. If present, Kratos will cooperate with - Ory Hydra to act as an OAuth2 identity provider. - - The value for this parameter comes from `login_challenge` URL Query parameter sent to your - application (e.g. `/login?login_challenge=abcde`). - explode: true - in: query - name: login_challenge - required: false - schema: - type: string - style: form - description: |- Refresh a login session @@ -1169,6 +1156,19 @@ paths: schema: type: string style: simple + - description: |- + An optional Hydra login challenge. If present, Kratos will cooperate with + Ory Hydra to act as an OAuth2 identity provider. + + The value for this parameter comes from `login_challenge` URL Query parameter sent to your + application (e.g. `/login?login_challenge=abcde`). + explode: true + in: query + name: login_challenge + required: false + schema: + type: string + style: form responses: "200": content: 
@@ -1868,6 +1868,14 @@ paths: More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). operationId: initializeSelfServiceRegistrationFlowForBrowsers parameters: + - description: The URL to return the browser to after the flow was completed. + explode: true + in: query + name: return_to + required: false + schema: + type: string + style: form - description: |- Ory OAuth 2.0 Login Challenge. @@ -1884,14 +1892,6 @@ paths: schema: type: string style: form - - description: The URL to return the browser to after the flow was completed. - explode: true - in: query - name: return_to - required: false - schema: - type: string - style: form responses: "200": content: diff --git a/internal/httpclient/api_v0alpha2.go b/internal/httpclient/api_v0alpha2.go index 0955abec27ff..04001b3c65be 100644 --- a/internal/httpclient/api_v0alpha2.go +++ b/internal/httpclient/api_v0alpha2.go @@ -4408,17 +4408,13 @@ func (a *V0alpha2ApiService) GetWebAuthnJavaScriptExecute(r V0alpha2ApiApiGetWeb type V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest struct { ctx context.Context ApiService V0alpha2Api - loginChallenge *string refresh *bool aal *string returnTo *string cookie *string + loginChallenge *string } -func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) LoginChallenge(loginChallenge string) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { - r.loginChallenge = &loginChallenge - return r -} func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Refresh(refresh bool) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { r.refresh = &refresh return r 
@@ -4435,6 +4431,10 @@ func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Cookie(c r.cookie = &cookie return r } +func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) LoginChallenge(loginChallenge string) V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest { + r.loginChallenge = &loginChallenge + return r +} func (r V0alpha2ApiApiInitializeSelfServiceLoginFlowForBrowsersRequest) Execute() (*SelfServiceLoginFlow, *http.Response, error) { return r.ApiService.InitializeSelfServiceLoginFlowForBrowsersExecute(r) @@ -4501,9 +4501,6 @@ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsersExecute(r localVarQueryParams := url.Values{} localVarFormParams := url.Values{} - if r.loginChallenge != nil { - localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, "")) - } if r.refresh != nil { localVarQueryParams.Add("refresh", parameterToString(*r.refresh, "")) } @@ -4513,6 +4510,9 @@ func (a *V0alpha2ApiService) InitializeSelfServiceLoginFlowForBrowsersExecute(r if r.returnTo != nil { localVarQueryParams.Add("return_to", parameterToString(*r.returnTo, "")) } + if r.loginChallenge != nil { + localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, "")) + } // to determine the Content-Type header localVarHTTPContentTypes := []string{} 
@@ -5027,18 +5027,18 @@ func (a *V0alpha2ApiService) InitializeSelfServiceRecoveryFlowWithoutBrowserExec type V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest struct { ctx context.Context ApiService V0alpha2Api - loginChallenge *string returnTo *string + loginChallenge *string } -func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) LoginChallenge(loginChallenge string) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { - r.loginChallenge = &loginChallenge - return r -} func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) ReturnTo(returnTo string) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { r.returnTo = &returnTo return r } +func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) LoginChallenge(loginChallenge string) V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest { + r.loginChallenge = &loginChallenge + return r +} func (r V0alpha2ApiApiInitializeSelfServiceRegistrationFlowForBrowsersRequest) Execute() (*SelfServiceRegistrationFlow, *http.Response, error) { return r.ApiService.InitializeSelfServiceRegistrationFlowForBrowsersExecute(r) @@ -5107,12 +5107,12 @@ func (a *V0alpha2ApiService) InitializeSelfServiceRegistrationFlowForBrowsersExe localVarQueryParams := url.Values{} localVarFormParams := url.Values{} - if r.loginChallenge != nil { - localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, "")) - } if r.returnTo != nil { localVarQueryParams.Add("return_to", parameterToString(*r.returnTo, "")) } + if r.loginChallenge != nil { + localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, "")) + } // to determine the Content-Type header localVarHTTPContentTypes := []string{} diff --git a/internal/httpclient/docs/V0alpha2Api.md b/internal/httpclient/docs/V0alpha2Api.md index 14a44c40e916..4c909b98e761 100644 --- a/internal/httpclient/docs/V0alpha2Api.md 
+++ b/internal/httpclient/docs/V0alpha2Api.md @@ -1493,7 +1493,7 @@ No authorization required ## InitializeSelfServiceLoginFlowForBrowsers -> SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).LoginChallenge(loginChallenge).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute() +> SelfServiceLoginFlow InitializeSelfServiceLoginFlowForBrowsers(ctx).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).LoginChallenge(loginChallenge).Execute() Initialize Login Flow for Browsers 
@@ -1512,15 +1512,15 @@ import ( ) func main() { - loginChallenge := "loginChallenge_example" // string | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider. The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). (optional) refresh := true // bool | Refresh a login session If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. (optional) aal := "aal_example" // string | Request a Specific AuthenticationMethod Assurance Level Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\". (optional) returnTo := "returnTo_example" // string | The URL to return the browser to after the flow was completed. (optional) cookie := "cookie_example" // string | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. (optional) + loginChallenge := "loginChallenge_example" // string | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider. The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). 
(optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers(context.Background()).LoginChallenge(loginChallenge).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute() + resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers(context.Background()).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).LoginChallenge(loginChallenge).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) 
@@ -1541,11 +1541,11 @@ Other parameters are passed through a pointer to a apiInitializeSelfServiceLogin Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - **loginChallenge** | **string** | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider. The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). | **refresh** | **bool** | Refresh a login session If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. | **aal** | **string** | Request a Specific AuthenticationMethod Assurance Level Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\". | **returnTo** | **string** | The URL to return the browser to after the flow was completed. | **cookie** | **string** | HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | + **loginChallenge** | **string** | An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider. The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). | ### Return type 
@@ -1764,7 +1764,7 @@ No authorization required ## InitializeSelfServiceRegistrationFlowForBrowsers -> SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).LoginChallenge(loginChallenge).ReturnTo(returnTo).Execute() +> SelfServiceRegistrationFlow InitializeSelfServiceRegistrationFlowForBrowsers(ctx).ReturnTo(returnTo).LoginChallenge(loginChallenge).Execute() Initialize Registration Flow for Browsers 
@@ -1783,12 +1783,12 @@ import ( ) func main() { - loginChallenge := "loginChallenge_example" // string | Ory OAuth 2.0 Login Challenge. If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider. The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`). This feature is compatible with Ory Hydra when not running on the Ory Network. (optional) returnTo := "returnTo_example" // string | The URL to return the browser to after the flow was completed. (optional) + loginChallenge := "loginChallenge_example" // string | Ory OAuth 2.0 Login Challenge. If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider. The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`). This feature is compatible with Ory Hydra when not running on the Ory Network. (optional) configuration := openapiclient.NewConfiguration() apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceRegistrationFlowForBrowsers(context.Background()).LoginChallenge(loginChallenge).ReturnTo(returnTo).Execute() + resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceRegistrationFlowForBrowsers(context.Background()).ReturnTo(returnTo).LoginChallenge(loginChallenge).Execute() if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.InitializeSelfServiceRegistrationFlowForBrowsers``: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) 
@@ -1809,8 +1809,8 @@ Other parameters are passed through a pointer to a apiInitializeSelfServiceRegis Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- - **loginChallenge** | **string** | Ory OAuth 2.0 Login Challenge. If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider. The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`). This feature is compatible with Ory Hydra when not running on the Ory Network. | **returnTo** | **string** | The URL to return the browser to after the flow was completed. | + **loginChallenge** | **string** | Ory OAuth 2.0 Login Challenge. If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider. The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`). This feature is compatible with Ory Hydra when not running on the Ory Network. | ### Return type diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index ae3adbe01acf..a4abf3677d34 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go 
@@ -284,16 +284,6 @@ func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprout // nolint:deadcode,unused // swagger:parameters initializeSelfServiceLoginFlowForBrowsers type initializeSelfServiceLoginFlowForBrowsers struct { - // An optional Hydra login challenge. If present, Kratos will cooperate with - // Ory Hydra to act as an OAuth2 identity provider. - // - // The value for this parameter comes from `login_challenge` URL Query parameter sent to your - // application (e.g. `/login?login_challenge=abcde`). - // - // required: false - // in: query - HydraLoginChallenge string `json:"login_challenge"` - // Refresh a login session // // If set to true, this will refresh an existing login session by @@ -326,6 +316,16 @@ type initializeSelfServiceLoginFlowForBrowsers struct { // in: header // name: Cookie Cookies string `json:"Cookie"` + + // An optional Hydra login challenge. If present, Kratos will cooperate with + // Ory Hydra to act as an OAuth2 identity provider. + // + // The value for this parameter comes from `login_challenge` URL Query parameter sent to your + // application (e.g. `/login?login_challenge=abcde`). + // + // required: false + // in: query + HydraLoginChallenge string `json:"login_challenge"` } // swagger:route GET /self-service/login/browser v0alpha2 initializeSelfServiceLoginFlowForBrowsers diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index e3199dc3429e..0ce58345152e 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go 
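Review bot: Nothing in `initializeSelfServiceLoginFlowForBrowsers` says that field position is significant, although the re-added `HydraLoginChallenge` at the end of the struct (second hunk) exists only to change the parameter order, and the spec and client hunks in this diff follow that order. `login_challenge` and `return_to` are both plain strings, so a generated client that passes parameters positionally (an assumption; only the builder-style Go client is visible here) would swap them after a reorder without any type error. I would add a free-standing comment just before the closing brace, where it should not be picked up as a parameter description, such as `// NOTE: generated parameter order follows field order; append new parameters at the end.` The field is also called `HydraLoginChallenge` here but `LoginChallenge` in the registration struct, and aligning the names would make the two parallel structs easier to audit. The struct itself begins in the previous hunk of this file.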
@@ -195,6 +195,11 @@ func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, _ httprout // nolint:deadcode,unused // swagger:parameters initializeSelfServiceRegistrationFlowForBrowsers type initializeSelfServiceRegistrationFlowForBrowsers struct { + // The URL to return the browser to after the flow was completed. + // + // in: query + ReturnTo string `json:"return_to"` + // Ory OAuth 2.0 Login Challenge. // // If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider. @@ -207,11 +212,6 @@ type initializeSelfServiceRegistrationFlowForBrowsers struct { // required: false // in: query LoginChallenge string `json:"login_challenge"` - - // The URL to return the browser to after the flow was completed. - // - // in: query - ReturnTo string `json:"return_to"` } // swagger:route GET /self-service/registration/browser v0alpha2 initializeSelfServiceRegistrationFlowForBrowsers diff --git a/spec/api.json b/spec/api.json index b5dc960f8c02..ba9b35eb2c99 100755 --- a/spec/api.json +++ b/spec/api.json 
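Review bot: The `ReturnTo` field now at the top of `initializeSelfServiceRegistrationFlowForBrowsers` documents only `in: query`, while `LoginChallenge` directly below it also states `required: false`, and its description says nothing about how the URL is validated. The login endpoint description elsewhere in this diff lists a `security_identity_mismatch` error for a `?return_to` address that is not allowed, so presumably the same configured allow-list applies to registration. If it does, the comment should say so, because integrators otherwise get no hint that arbitrary redirect targets are rejected. Suggested wording: `// The URL to return the browser to after the flow was completed. Must match an allowed return URL from the configuration.` followed by `// required: false`. The struct's closing brace is in the next hunk of this file.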
@@ -4150,14 +4150,6 @@ "description": "This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n`?refresh=true` was set.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nThe optional query parameter login_challenge is set when using Kratos with\nHydra in an OAuth2 flow. See the oauth2_provider.url configuration\noption.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).", "operationId": "initializeSelfServiceLoginFlowForBrowsers", "parameters": [ - { - "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. 
`/login?login_challenge=abcde`).", - "in": "query", - "name": "login_challenge", - "schema": { - "type": "string" - } - }, { "description": "Refresh a login session\n\nIf set to true, this will refresh an existing login session by\nasking the user to sign in again. This will reset the\nauthenticated_at time of the session.", "in": "query", @@ -4189,6 +4181,14 @@ "schema": { "type": "string" } + }, + { + "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/login?login_challenge=abcde`).", + "in": "query", + "name": "login_challenge", + "schema": { + "type": "string" + } } ], "responses": { 
@@ -4881,17 +4881,17 @@ "operationId": "initializeSelfServiceRegistrationFlowForBrowsers", "parameters": [ { - "description": "Ory OAuth 2.0 Login Challenge.\n\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).\n\nThis feature is compatible with Ory Hydra when not running on the Ory Network.", + "description": "The URL to return the browser to after the flow was completed.", "in": "query", - "name": "login_challenge", + "name": "return_to", "schema": { "type": "string" } }, { - "description": "The URL to return the browser to after the flow was completed.", + "description": "Ory OAuth 2.0 Login Challenge.\n\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).\n\nThis feature is compatible with Ory Hydra when not running on the Ory Network.", "in": "query", - "name": "return_to", + "name": "login_challenge", "schema": { "type": "string" } diff --git a/spec/swagger.json b/spec/swagger.json index 8c9efd5231be..e310ab3f7d03 100755 --- a/spec/swagger.json +++ b/spec/swagger.json 
@@ -1146,12 +1146,6 @@ "summary": "Initialize Login Flow for Browsers", "operationId": "initializeSelfServiceLoginFlowForBrowsers", "parameters": [ - { - "type": "string", - "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/login?login_challenge=abcde`).", - "name": "login_challenge", - "in": "query" - }, { "type": "boolean", "description": "Refresh a login session\n\nIf set to true, this will refresh an existing login session by\nasking the user to sign in again. This will reset the\nauthenticated_at time of the session.", @@ -1175,6 +1169,12 @@ "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "name": "Cookie", "in": "header" + }, + { + "type": "string", + "description": "An optional Hydra login challenge. If present, Kratos will cooperate with\nOry Hydra to act as an OAuth2 identity provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/login?login_challenge=abcde`).", + "name": "login_challenge", + "in": "query" } ], "responses": { 
@@ -1756,14 +1756,14 @@ "parameters": [ { "type": "string", - "description": "Ory OAuth 2.0 Login Challenge.\n\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).\n\nThis feature is compatible with Ory Hydra when not running on the Ory Network.", - "name": "login_challenge", + "description": "The URL to return the browser to after the flow was completed.", + "name": "return_to", "in": "query" }, { "type": "string", - "description": "The URL to return the browser to after the flow was completed.", - "name": "return_to", + "description": "Ory OAuth 2.0 Login Challenge.\n\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.\n\nThe value for this parameter comes from `login_challenge` URL Query parameter sent to your\napplication (e.g. `/registration?login_challenge=abcde`).\n\nThis feature is compatible with Ory Hydra when not running on the Ory Network.", + "name": "login_challenge", "in": "query" } ],