(ctx context.Context, registrationFlow *registration.Flow, s *session.Session, i *identity.Identity)
| 116 | } |
| 117 | |
| 118 | func (e *SessionIssuer) acceptLoginChallenge(ctx context.Context, registrationFlow *registration.Flow, s *session.Session, i *identity.Identity) error { |
| 119 | // If Kratos is used as a Hydra login provider, we need to redirect back to Hydra by using the continue_with items |
| 120 | // with the post login challenge URL as the body. |
| 121 | // We only do this if the flow did not create a verification flow (e.g. verification is disabled or not active due to it being a code flow). |
| 122 | // Since the session issuer hook must be the last hook in the flow, we can safely assume that the verification flow was already added (if it was) |
| 123 | if registrationFlow.OAuth2LoginChallenge != "" && !willVerificationFollow(registrationFlow) { |
| 124 | postChallengeURL, err := e.r.Hydra().AcceptLoginRequest(ctx, |
| 125 | hydra.AcceptLoginRequestParams{ |
| 126 | LoginChallenge: string(registrationFlow.OAuth2LoginChallenge), |
| 127 | IdentityID: i.ID.String(), |
| 128 | SessionID: s.ID.String(), |
| 129 | AuthenticationMethods: s.AMR, |
| 130 | }) |
| 131 | if err != nil { |
| 132 | return err |
| 133 | } |
| 134 | cw := []flow.ContinueWith{} |
| 135 | for _, i := range registrationFlow.ContinueWithItems { |
| 136 | // Filter any continueWithRedirectBrowserTo items out of the list |
| 137 | // We will add a new one at the end of the flow |
| 138 | // as the OAuth2 login challenge should be the last step in the flow |
| 139 | if i.GetAction() != string(flow.ContinueWithActionRedirectBrowserToString) { |
| 140 | cw = append(cw, i) |
| 141 | } |
| 142 | } |
| 143 | registrationFlow.ContinueWithItems = append(cw, flow.NewContinueWithRedirectBrowserTo(postChallengeURL)) |
| 144 | } |
| 145 | return nil |
| 146 | } |
| 147 | |
| 148 | // willVerificationFollow returns true if the flow's continue with items contain a verification UI. |
| 149 | func willVerificationFollow(f *registration.Flow) bool { |
no test coverage detected