Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Allow configuration of custom upstream_parameters #4293

Open
5 tasks done
hugotiburtino opened this issue Feb 7, 2025 · 5 comments
Open
5 tasks done

Allow configuration of custom upstream_parameters #4293

hugotiburtino opened this issue Feb 7, 2025 · 5 comments
Labels
feat New feature or request.

Comments

@hugotiburtino
Copy link

hugotiburtino commented Feb 7, 2025
edited
Loading

Preflight checklist

Ory Network Project

No response

Describe your problem

In a social login a identity provider asked us to pass a custom query parameter at login (let's say idp_hint).
It would be so simple as doing

kratos.updateLoginFlow({ 
  flow: flow.id, 
  updateLoginFlowBody: {
    ...values, 
    upstream_parameters: { idp_hint: 'foo' } 
  } 
})

but Ory Kratos currently supports only the following upstream parameters: login_hint, hd, prompt, and auth_type.

Describe your ideal solution

It would be handy to have a configuration field to allow other upstream parameters.

Workarounds or alternatives

Even simpler would be to allow any custom parameter. But of course it would mean a security risk.

Version

v1.3.0

Additional Context

No response
@hugotiburtino hugotiburtino added the feat New feature or request. label Feb 7, 2025
@hugotiburtino hugotiburtino mentioned this issue Feb 7, 2025
Open
1 task
@aeneasr
Copy link
Member

aeneasr commented Feb 13, 2025

It should probably be fine to allow setting most parameters (except security relevant ones line state, nonce etc). What exactly are you trying to solve

@hugotiburtino
Copy link
Author

hugotiburtino commented Feb 14, 2025
edited
Loading

I'm trying to solve a demand of an important partner.
They are going to redirect to our login page with a query parameter (v.g. example.org/#?idp_hint=foo). We should get the idp_hint and forward it to the Social Login after the user clicks the partner button.
It would be good to be able to do the something clean like the following:

kratos.updateLoginFlow({ 
  updateLoginFlowBody: {
    // ...
    upstream_parameters: { idp_hint: extractIdpHintFromUrl() } 
  } 
})

As it is now, we are forced to hack.

@aeneasr
Copy link
Member

aeneasr commented Feb 14, 2025

Which provider is that? We can probably add a custom provider to support this parameter

@hugotiburtino
Copy link
Author

I will tell you privately.
But I think anyway that it would be a handy to leave it free to each developer that have to implement custom social login.

@aeneasr
Copy link
Member

aeneasr commented Feb 14, 2025

If it‘s private it doesn’t belong in an open source repository :)

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
feat New feature or request.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aeneasr @hugotiburtino