Hydra login callback called twice

[drev74]

Hello I'm running a self-hosted hydra with a basic react app with Vite . Here's my code: 👀

// login.ts
export function Login() {
  const [searchParams] = useSearchParams()

 useEffect(() => {
   const challenge = searchParams.get("login_challenge")
   console.log(`*** login challenge: ${challenge}`);
 })

return (
  <h2>Login Page</h2>
)

# hydra.yml
version: v2.1.2

serve:
  cookies:
    same_site_mode: Lax

urls:
  self:
    issuer: http://localhost:4444
  consent: http://192.168.1.93:3000/consent
  login: http://192.168.1.93:3000/login
  logout: http://192.168.1.93:3000/logout

secrets:
  cookie:
    - youReallyNeedToChangeThis
  system:
    - youReallyNeedToChangeThis

oidc:
  subject_identifiers:
    supported_types:
      - pairwise
      - public
    pairwise:
      salt: youReallyNeedToChangeThis

log:
  leak_sensitive_values: true
  level: debug

When I start my app, I see the following in console: *** login challenge: c3c25a2237a84b41a02ca302eb94e47d
Thus my login page was called TWICE by hydra.

Is this a bug? Why would hydra make an extra dummy call in my case? 🙄

Hydra ver: v2.1.2
React: 18.2.0
React-router-dom: 6.12.1
Vite: 4.3.9

[vinckr]

Hello @drev74

I am not sure what the issue is here. Is sharing a repo with some code and steps to run it an option for you - or what you posted above enough?

Ory Hydra may redirect to the login endpoint multiple times during the OAuth 2.0 flow, especially if the user is not authenticated or the consent has not been granted yet.

You might want to check the Hydra logs for any error messages or warnings. If you're running Hydra behind a reverse proxy, make sure it doesn't strip the Cookie header as it might cause issues. Also, ensure that your Hydra configuration is correct and that you're using the --dev flag if you're running Hydra over HTTP. (read more here)