login_challenge from the ConsentChallenge doesn't match the AEAD-encoded login_challenge from the LoginRequest

[hcjulz]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

Hello 👋

This is related to the Hydra server version v2.2.0 using go-hydra-client v2.2.1

From the API docs on the login_challenge field in the response:

LoginChallenge is the login challenge this consent challenge belongs to. It can be used to associate a login and consent request in the login & consent app.

It seems not to be possible anymore to associate the a login request from the consent app using this value anymore.

The login challenge from the Ory Hydra LoginRequest differs from the LoginChallenge value in the ConsentRequest retrieved from the hydra.GetConsentRequest API call.

I was comparing the login challenges: the login_challenge from the ConsentRequest is an UUID and not a AEAD-encoded login challenge.

My consent app is doing a check based on the login challenge in the login request, which is failing due to the mismatch.

Thank you!

Reproducing the bug

Steps to reproduce this behavior:

1. Run Hydra and your login/consent app
2. When receiving a login request in from Hydra in your login app, store the challenge.
3. Accept the login request
4. When receiving a consent request, get the consent request object using the consent challenge via the GetConsentRequest API endpoint.
5. Compare the stored login challenge with the login challenge from the consent request object.

Relevant log output

No response

Relevant configuration

No response

Version

v2.2.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker Compose

Additional Context

No response