Replies: 1 comment
-
|
Looks like this was mentioned in the CHANGELOG for v2, but it was not made clear that the change would effectively break existing id_tokens that were created on Hydra 1.. I am confused by the commit message from #1482 / d746fa4
Does 'with and without' mean that if I added the trailing slash back in in the config, while it would solve that user's problem, would it then break all new tokens created on Hydra 2 due to the sudden change? Or does 'with and without' mean 'if you add the trailing slash, it will continue to work for tokens that were issued with an issuer without the trailing slash? My only other recourse I guess is to clear all sessions for that subject, or all subjects who have an authentication session in the db that was created prior to my upgrade taking place.. |
Beta Was this translation helpful? Give feedback.
-
Hi
I have a user who logged in via Hydra 1.11.0 on July 11th, and then I just saw them try to go through the Logout flow on my Hydra which is now running Hydra 2.2.0.
I don't have any control over the RP they are using, only the OP.
The logout flow experienced an error which was:
That looks to me like Hydra 2.2.0 has removed that trailing slash from the issuer claim URL, which breaks those logout sessions from working. I did not change any such values myself as part of the upgrade.
Is there anything I can do at the OP end to deal with this? Short of telling the users of that RP to just clear their cookies and close their browsers as a brute force 'logout' rather than try the logout flow.
Maybe I can delete all sessions in the Hydra db older than the date that I upgraded to Hydra 2?
To be clear: logout is working for users who logged in via Hydra 2. This one seems to just be an old session.
Thanks for any assistance.
Beta Was this translation helpful? Give feedback.
All reactions