feat: add prompt=registration parameter #3636

hperl · 2023-09-28T11:03:52Z

Ory Hydra now supports a registration value for the prompt parameter of the authorization request. When specifying prompt=registration, Hydra will redirect the user to the URL found under urls.registration (instead of urls.login).

Related issue(s)

Checklist

I have read the contributing guidelines.
I have referenced an issue containing the design document if my change
introduces a new feature.
I am following the
contributing code guidelines.
I have read the security policy.
I confirm that this pull request does not address a security
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got the approval (please contact
security@ory.sh) from the maintainers to push
the changes.
I have added tests that prove my fix is effective or that my feature
works.
I have added or changed the documentation.

Further Comments

codecov · 2023-09-28T11:28:06Z

Codecov Report

Merging #3636 (1134e04) into master (5c8e792) will increase coverage by 0.09%.
Report is 2 commits behind head on master.
The diff coverage is 90.00%.

❗ Current head 1134e04 differs from pull request most recent head df55db8. Consider uploading reports for the commit df55db8 to get more accurate results

@@            Coverage Diff             @@
##           master    #3636      +/-   ##
==========================================
+ Coverage   76.00%   76.10%   +0.09%     
==========================================
  Files         132      132              
  Lines       10015    10076      +61     
==========================================
+ Hits         7612     7668      +56     
- Misses       1879     1881       +2     
- Partials      524      527       +3

Files	Coverage Δ
consent/strategy_default.go	`68.90% <100.00%> (+0.22%)`	⬆️
driver/config/provider.go	`79.33% <100.00%> (+0.13%)`	⬆️
fositex/config.go	`86.11% <86.36%> (ø)`

... and 2 files with indirect coverage changes

kmherrmann

LGTM but I don't have golang readability :)

zepatrik

Nice, just some minor docs/test suggestions 👍

zepatrik · 2023-09-28T12:28:17Z

consent/strategy_default.go

@@ -293,7 +293,14 @@ func (s *DefaultStrategy) forwardAuthenticationRequest(ctx context.Context, w ht
 		return err
 	}

-	http.Redirect(w, r, urlx.SetQuery(s.c.LoginURL(ctx), url.Values{"login_challenge": {encodedFlow}}).String(), http.StatusFound)
+	var baseURL *url.URL
+	if stringslice.Has(prompt, "registration") {


Do we have to add this to the API spec somewhere, so the value is allowed in the SDK?

The authorize endpoint is not part of the API spec, so nothing to change here.

https://www.ory.sh/docs/reference/api#tag/oAuth2/operation/oAuth2Authorize

zepatrik · 2023-09-28T12:32:59Z

oauth2/oauth2_auth_code_test.go

+			acceptLoginHandler(t, c, subject, nil),
+			acceptConsentHandler(t, c, subject, nil))
+
+		code, _ := getAuthorizeCode(t, conf, nil,


Here is not really a check whether we correctly redirected. To not mess with the whole auth code flow, you could wrap above handler and set some bool var when it is executed. That way we know the right UI was used.
Maybe also set the login URI to some random value, so we make sure it is not used instead.

Good point! I set the login handler to nil, which will throw an error. Thus the registration handler ist called.

Hydra now supports a `registration` value for the `prompt` parameter of the authorization request. When specifying `prompt=registration`, Hydra will redirect the user to the URL found under `urls.registration` (instead of `urls.login`).

hperl requested a review from aeneasr as a code owner September 28, 2023 11:03

hperl requested a review from kmherrmann September 28, 2023 11:03

hperl self-assigned this Sep 28, 2023

kmherrmann previously approved these changes Sep 28, 2023

View reviewed changes

zepatrik reviewed Sep 28, 2023

View reviewed changes

hperl dismissed kmherrmann’s stale review via 4b9adb0 September 28, 2023 13:06

hperl force-pushed the hperl/prompt-registration branch from c15d0d3 to 4b9adb0 Compare September 28, 2023 13:06

hperl requested a review from zepatrik September 28, 2023 13:10

feat: add prompt=registration

df55db8

Hydra now supports a `registration` value for the `prompt` parameter of the authorization request. When specifying `prompt=registration`, Hydra will redirect the user to the URL found under `urls.registration` (instead of `urls.login`).

hperl force-pushed the hperl/prompt-registration branch from 4b9adb0 to df55db8 Compare September 28, 2023 18:04

aeneasr approved these changes Sep 29, 2023

View reviewed changes

aeneasr merged commit 19857d2 into master Sep 29, 2023
29 checks passed

aeneasr deleted the hperl/prompt-registration branch September 29, 2023 08:01

alnr mentioned this pull request Mar 20, 2024

Add prompt=create alias for prompt=registration #3742

Open

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add prompt=registration parameter #3636

feat: add prompt=registration parameter #3636

hperl commented Sep 28, 2023

codecov bot commented Sep 28, 2023 •

edited

kmherrmann left a comment

zepatrik left a comment

zepatrik Sep 28, 2023

hperl Sep 28, 2023

zepatrik Sep 28, 2023

hperl Sep 28, 2023

feat: add prompt=registration parameter #3636

feat: add prompt=registration parameter #3636

Conversation

hperl commented Sep 28, 2023

Related issue(s)

Checklist

Further Comments

codecov bot commented Sep 28, 2023 • edited

Codecov Report

kmherrmann left a comment

Choose a reason for hiding this comment

zepatrik left a comment

Choose a reason for hiding this comment

zepatrik Sep 28, 2023

Choose a reason for hiding this comment

hperl Sep 28, 2023

Choose a reason for hiding this comment

zepatrik Sep 28, 2023

Choose a reason for hiding this comment

hperl Sep 28, 2023

Choose a reason for hiding this comment

codecov bot commented Sep 28, 2023 •

edited