OAuth2LoginRequest.skip is false when another ClientId to access Ory Hydra

[baominwang]

I use client1 to sign in with ory. I find that "ory_hydra_session_dev" cookie is set. When I try to use client2 to sign in with Ory, after login-and-consent query the login request, the parameter of skip is false. What's the reason?

[vinckr]

Hello @baominwang

The skip parameter in the login request is used to indicate whether the client has previously requested the same scopes from the same user. If skip is true, it implies that the client has requested the same scopes from the same user previously. In this case, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL. This feature allows you to update or set session information.
In your case, when you try to use client2 to sign in with Ory, the skip parameter is false. This could be because client2 has not previously requested the same scopes from the same user, or the session information for client2 is not available or not the same as client1.
Remember that the skip parameter is related to the specific client and user combination, not just the user. So even if the same user has granted scopes to client1, it doesn't mean they have granted the same scopes to client2.