Call to consent accept/reject for a second time gives error

[condemil]

Describe the bug
When I call hydra API endpoint PUT /oauth2/auth/requests/consent/{id]/reject or /accept for a second time with the same id it gives the error back:

An error occurred while handling a request" code=409 details="map[]" error="Error 1062: Duplicate entry '{id}' for key 'PRIMARY': Unable to insert or update resource because a resource with that value exists already

To Reproduce
Steps to reproduce the behavior:

1. Call PUT /oauth2/auth/requests/consent/{id]/reject twice
2. See error in Hydra logs

Expected behavior
I expect that this behavior is handled correctly, I think the best approach is to validate the existing primary key in db and return same response as for the first call.

Screenshots
N/A

Version:

• Environment: Hydra Alpine docker image
• Version: v1.0.0-rc.6_oryOS.1

Additional context
N/A

[aeneasr]

The error is handled correctly though with a 409. What problem are you facing when the error is returned? Is it that you need to check for the 409 error state explicitly?

[condemil]

I see error in Hydra logs, I expect errors to be something that should be fixed in code or do Hydra app use some different approach?

level=error msg="An error occurred while handling a request" code=409

[condemil]

Another problem I am facing is that when I receive the 409 error the redirect_to is not available in the response and I cannot redirect user back properly. Imagine the situation when the first request was handled and connection broke before consent provider received the response and consent provider is re-sending it once again.

[aeneasr]

Yeah that makes sense, tracking

[condemil]

Actually I just checked and see the same error for PUT /oauth2/auth/requests/consent/{id}/accept call too.

[kewde]

I ran into the same/similar issue but with DIFFERENT CHALLENGE IDs.

This occurs when consent remember is set to true and consent has been granted.
A second new request will have the consent information with skiptrue.
I was unable to accept the consent and redirect the user.

I'm using an in-memory cookie jar which gets destroyed each run. Occurs over different consent challenges.

[aeneasr]

This occurs when consent remember is set to true and consent has been granted.
A second new request will have the consent information with skiptrue.
I was unable to accept the consent and redirect the user.

This is because you've probably forgot to set remember to false when skip is true. This was intended as a safeguard but has lead to issues and will be fixed soon ( #1165 ).

[kewde]

Thanks, that solved it indeed!

[xiven]

I'm running into an issue where when I make the login request I notice that the login_challenge is not getting set on the response. I'm thinking this may be why I always have skip set to false on the accept consent response when I log in again even though I set the remember flag to true from the consent form. I'm not sure if that is related to #1165.
Why would the login_challenge not be getting set on login?