fix: transfer OAuth2 login challenge in account linking flow

jonas-jonas · ory-bot · commit 1ab143c5f542 · 2026-01-18T20:41:23.000Z
GitOrigin-RevId: b666119e260f3b0b2071161578b5179e49a89616
diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go
@@ -130,6 +130,12 @@ func WithIsAccountLinking() FlowOption {
 	}
 }
 
+func WithLoginChallenge(loginChallenge string) FlowOption {
+	return func(f *Flow) {
+		f.OAuth2LoginChallenge = sqlxx.NullString(loginChallenge)
+	}
+}
+
 func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.Type, opts ...FlowOption) (*Flow, *session.Session, error) {
 	conf := h.d.Config()
 	f, err := NewFlow(conf, conf.SelfServiceFlowLoginRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, ft)
diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go
@@ -274,6 +274,9 @@ func (s *Strategy) registrationToLogin(ctx context.Context, w http.ResponseWrite
 	}
 
 	opts = append(opts, login.WithInternalContext(rf.InternalContext), login.WithIsAccountLinking())
+	if rf.OAuth2LoginChallenge != "" {
+		opts = append(opts, login.WithLoginChallenge(rf.OAuth2LoginChallenge.String()))
+	}
 
 	lf, _, err := s.d.LoginHandler().NewLoginFlow(w, r, rf.Type, opts...)
 	if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -130,6 +130,12 @@ func WithIsAccountLinking() FlowOption {`
`130`	`130`	`}`
`131`	`131`	`}`
`132`	`132`
	`133`	`+func WithLoginChallenge(loginChallenge string) FlowOption {`
	`134`	`+ return func(f *Flow) {`
	`135`	`+ f.OAuth2LoginChallenge = sqlxx.NullString(loginChallenge)`
	`136`	`+ }`
	`137`	`+}`
	`138`	`+`
`133`	`139`	`func (h Handler) NewLoginFlow(w http.ResponseWriter, r http.Request, ft flow.Type, opts ...FlowOption) (Flow, session.Session, error) {`
`134`	`140`	`conf := h.d.Config()`
`135`	`141`	`f, err := NewFlow(conf, conf.SelfServiceFlowLoginRequestLifespan(r.Context()), h.d.GenerateCSRFToken(r), r, ft)`
Original file line number	Diff line number	Diff line change
`@@ -274,6 +274,9 @@ func (s *Strategy) registrationToLogin(ctx context.Context, w http.ResponseWrite`
`274`	`274`	`}`
`275`	`275`
`276`	`276`	`opts = append(opts, login.WithInternalContext(rf.InternalContext), login.WithIsAccountLinking())`
	`277`	`+ if rf.OAuth2LoginChallenge != "" {`
	`278`	`+ opts = append(opts, login.WithLoginChallenge(rf.OAuth2LoginChallenge.String()))`
	`279`	`+ }`
`277`	`280`
`278`	`281`	`lf, _, err := s.d.LoginHandler().NewLoginFlow(w, r, rf.Type, opts...)`
`279`	`282`	`if err != nil {`