You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My setup :
Cloudflare -> Nginx -> Oathkeeper(decision api) -> Kratos.
Kratos is configured for password less code login and Google OIDC login, Self Service and registration is enabled. Bug :
If registering a Google account via native flow using Flutter/Dart ORY client and then retrieving OIDC credential details via the admin API endpoint admin/identities/<id>?include_credential=oidc throws an error json{"error":{"code":500,"status":"Internal Server Error","reason":"Unable to decode hex encrypted string","message":"An internal server error occurred, please contact the system administrator"}} . Retrieving identity without including credential query admin/identities/<id> works perfectly.
It only happens when the account is registered using Native OIDC Flow, as using browser flow via Self-Service UI works perfectly both with query and no query.
Also registration seems to be working in the native flow cause session token is received after the registration flow.
Reproducing the bug
Version
Flutter 3.19.6
Dart SDK version: 3.3.4
Flutter Code
final res =await dio
.get('https://api.example.com/auth/self-service/registration/api');
final data =Map<String, dynamic>.from(res.data);
final flowId = data['id'];
if (credentialManager.isSupportedPlatform) {
await credentialManager.init(
preferImmediatelyAvailableCredentials:true,
googleClientId: clientId,
);
final gCredential =await credentialManager.saveGoogleCredential(
nonce:Nonce(nonce:"jedn23iudbuyfb"),
);
final idToken = gCredential!.idToken;
var body =UpdateRegistrationFlowWithOidcMethod((b) => b
..idToken = idToken
..idTokenNonce ='jedn23iudbuyfb'
..method ='oidc'
..provider ='google');
final response =await ory.getFrontendApi().updateRegistrationFlow(
flow: flowId,
updateRegistrationFlowBody:UpdateRegistrationFlowBody(
(b) => b..oneOf =OneOf.fromValue1(value: body)),
);
final oryData = response.data;
}
```
### Relevant log output
```shell
time=2024-04-21T23:26:49Z level=info msg=started handling request http_request=map[headers:map[accept:*/* accept-encoding:gzip, br cdn-loop:cloudflare cf-connecting-ip:2401:0000:0000:0000:0000:0000:9a21:d8ae cf-ipcountry:NN cf-ray:000020003ef500a6-CDG cf-visitor:{"scheme":"https"} connection:close content-type:application/json user-agent:curl/7.81.0 x-forwarded-for:172.71.123.27 x-forwarded-proto:https x-forwarded-scheme:https x-real-ip:172.71.123.27] host:kratos.admin-domain.com method:GET path:/admin/identities/1c9fef99-8414-4395-a917-041e1d6e9e57 query:REDACTED remote:172.21.0.2:49112 scheme:http]time=2024-04-21T23:26:49Z level=error msg=An error occurred while handling a request audience=application error=map[debug: message:An internal server error occurred, please contact the system administrator reason:Unable to decode hex encrypted string status:Internal Server Error status_code:500] http_request=map[headers:map[accept:*/* accept-encoding:gzip, br cdn-loop:cloudflare cf-connecting-ip:2401:0000:1c29:0000:0000:0000:9a21:d8ae cf-ipcountry:NN cf-ray:80000000a6-CDG cf-visitor:{"scheme":"https"} connection:close content-type:application/json user-agent:curl/7.81.0 x-forwarded-for:172.71.123.27 x-forwarded-proto:https x-forwarded-scheme:https x-real-ip:172.71.123.27] host:kratos.admin-domain.com method:GET path:/admin/identities/1c9fef99-8414-4395-a917-041e1d6e9e57 query:REDACTED remote:172.21.0.2:49112 scheme:http] http_response=map[status_code:500] service_name=OryKratos service_version=v1.1.0
time=2024-04-21T23:26:49Z level=info msg=completed handling request http_request=map[headers:map[accept:*/* accept-encoding:gzip, br cdn-loop:cloudflare cf-connecting-ip:2401:0000:0000:0000:0000:0000:9a21:d8ae cf-ipcountry:NN cf-ray:800000000-CDG cf-visitor:{"scheme":"https"} connection:close content-type:application/json user-agent:curl/7.81.0 x-forwarded-for:172.71.123.27 x-forwarded-proto:https x-forwarded-scheme:https x-real-ip:172.71.123.27] host:kratos.admin-domain.com method:GET path:/admin/identities/1c9fef99-8414-4395-a917-041e1d6e9e57 query:REDACTED remote:172.21.0.2:49112 scheme:http] http_response=map[headers:map[cache-control:private, no-cache, no-store, must-revalidate content-type:application/json] size:192 status:500 text_status:Internal Server Error took:4.327744ms]
On which operating system are you observing this issue?
Other
In which environment are you deploying?
Docker Compose
Additional Context
All of the browser flow has been tested with all the configurations mentioned above, i am guessing either my native code is wrong or there might be a bug with kratos.
The text was updated successfully, but these errors were encountered:
Preflight checklist
Ory Network Project
No response
Describe the bug
My setup :
Cloudflare -> Nginx -> Oathkeeper(decision api) -> Kratos.
Kratos is configured for password less code login and Google OIDC login, Self Service and registration is enabled.
Bug :
If registering a Google account via native flow using Flutter/Dart ORY client and then retrieving OIDC credential details via the admin API endpoint
admin/identities/<id>?include_credential=oidc
throws an errorjson{"error":{"code":500,"status":"Internal Server Error","reason":"Unable to decode hex encrypted string","message":"An internal server error occurred, please contact the system administrator"}}
. Retrieving identity without including credential queryadmin/identities/<id>
works perfectly.It only happens when the account is registered using Native OIDC Flow, as using browser flow via Self-Service UI works perfectly both with query and no query.
Also registration seems to be working in the native flow cause session token is received after the registration flow.
Reproducing the bug
Version
Flutter 3.19.6
Dart SDK version: 3.3.4
Flutter Code
Relevant configuration
Version
1.1.0
On which operating system are you observing this issue?
Other
In which environment are you deploying?
Docker Compose
Additional Context
All of the browser flow has been tested with all the configurations mentioned above, i am guessing either my native code is wrong or there might be a bug with kratos.
The text was updated successfully, but these errors were encountered: