`loginRequest.requested_access_token_audience` is setting to `null` instead of `[]`
JoMC98 opened this issue · 2 comments
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
Hi,
We are using Hydra v2.2.0rc3 that is on Pre-Release and in our login service, we are using Python client library ory-hydra-client==2.2.0rc3
.
When we try to obtain the login request with the library function:
hydra_login_request = hydra.get_o_auth2_login_request(login_challenge=login_challenge)
, we receive the following error:
ory_hydra_client.exceptions.ApiTypeError: Invalid type for variable 'requested_access_token_audience'. Required value type is StringSliceJSONFormat and passed type was NoneType at ['received_data']['requested_access_token_audience']
The problem is that this api call: http://<HYDRA_HOST>:4445/admin/oauth2/auth/requests/login?challenge=<LOGIN_CHALLENGE> is returning "requested_access_token_audience": null
as can be seen here:
The python client library expect an Array instead of null, throws an error and the login flow breaks.
I think this can be a bug on the pre-release hydra version and should be fixed before releasing the stable version.
I have read the following issue that is similar: #2039, but we are not using in-memory database, we are using MySQL database.
Thanks in advance
Reproducing the bug
- Start hydra with v2.2.0rc3
- GET
http://<HYDRA_HOST>:4445/admin/oauth2/auth/requests/login?challenge=<CHALLENGE>
- You can see that
requested_access_token_audience
is null instead of empty list
Relevant log output
No response
Relevant configuration
No response
Version
v2.2.0rc3
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response
It seems v2.2 got released on docker hub (and v2 now points to v2.2) without this issue being fixed. So most clients are now broken. (At least hydra-client-rust has the same problem. The API violation seems to be on the hydra server side.)