hello, I have kratos setup and runs well for some weeks until I got csrf mismatch error lately. I did review page https://www.ory.sh/kratos/docs/next/debug/csrf/ and found this content:

We do not recommend running them on separate subdomains, e.g. <https://kratos.my-website/> and <https://secureapp.my-website/>.

Why do you have that recommendation? just currently I set it up like that way. In case I continue with that way, is there any advice for me to get rid of csrf issue? Thanks so much.

Can we test kratos API without UI or Forms. Directly sending hard-coded username+password data through an API class?

Hello, I have query regarding Next.js and Ory Integration, I can see session can be set based

kratos

but this same is available on server side?

Hi everyone! We are implementing Kratos on a React App, using the guides in your documentation. However, we are facing some difficulties. One is the way of how to tell if the user is logged in or not. HttpOnly cookies afaik, are not readable by JS, and I wanted to know what is the recommended way of getting this to work. The other question is related to the Client SDK for JS. I wanted to know if it has a stable version and if we can use it in production.

Hi there ! Is there any plan to have the ability to integrate messaging when handling hooks in Kratos ? I'm thinking of MQTT, Kafka or NATS integration for example

Is there a way to set up passwordless auth? I just want to send an email or text every time the user wants to sign in

Hello all, I have a small question. In my application, we will have two types of users, staff and customer. Both of them will have also some roles. Now, I have two sign-in (one for customer and one for staff), but only one sign-up (for customer), staff being created from the admin api. My question is, because of that, I think I should create two different kratos project right? I can not use two identity schema, because I will not be able to remove sign-up for just one schema in the future when it will be possible? Also, I saw this issue (https://github.com/ory/kratos/issues/765), but I don’t think it is possible right now to choose with identity schema to use for a specific sign-in page right? So my best option is to create two different kratos projects, one for staff, and one for employe right?

Hi! Is there any clear documentation about password validation? I want to pre validat with my frontend. Like at least 8 characters. But are there more rules which I can use?

This is an amazing place with amazing people, I'm here again for another purpose. "Is there somebody who have used kretos Python SDK in their applications for user registration, I need a demo in Python."

Hello everyone, I have again a question about the SDK. I am currently working on the implementation of SAML in Kratos. So I modified the code accordingly by adding new endpoints. I would like these endpoints to be accessible via the SDK. How could I recompile the SDK from the Kratos docker I created locally? Thanks in advance 🙂

is the self-service app something one could use in the production environment to manage users if you do not wish to design a user management system yourself?

Hello. Is there any way to intercept form submissions for browser based login, registration, recovery, settings flow by means of a middleware?

Hi, after looking over documentation, it seems that kratos allows users to update password without first confirming their existing one. Is this something on the roadmap? This can be a security concern (anyone logged in can update user password, say on a shared computer). Most account providers require the old password, right?

Hello all, I am just trying out ory and wanted to setup the ory cloud self service registration flow. To do so I have to (if I understood correctly) fetch the following project-url to get the flow id (https://myproject.oryapis.com/api/kratos/public/self-service/registration/browser). I am currently developing locally on my machine under localhost:3000 So I added in the Cloud Console under "Browser redirects" my URLs as shown in the picture But I am getting CORS error when trying to fetch the project-url (picture 2) Despite the CORS error the flow id is echoed back in the response headers but it is not the 302 redirect I was expecting from the docs. Am I missing something here?

Hi everybody ! I'm currently working on the SAML integration for Kratos. I would like to modify the documentation to add new API calls to use the new methods I wrote in go in the Kratos code. Would there be any documentation available on the methodology to modify the SDK? From what I understand, the SDK is auto-generated by OpenAPI but I don't really see how to modify it. Thanks in advance :))

Hello, We need to check cookies for every request in our express backend, for every request we need to send request for /session/whoami endpoint which adds delay. Is there any alternate way to check cookies

Hello folks, I've opened a design doc for Twitter integration #2116 and a corresponding PR #2117 for all of you to look at so you have an idea how it looks like. It doesn't require too many changes to current implementation. Please leave a comment and suggest what needs to be done to get it merged. Thanks team #ory and community

Is it possible for admins to store data on users but not allow the user to update that data?

Hi, I just ran Ory Kratos in local and tested it successfully. But, when I tried to run it on a Kubernetes cluster, I get

ERR_TOO_MANY_REDIRECTS

I changed lots of configs, but couldn’t fix that.

are you following https://www.ory.sh/kratos/docs/quickstart ?

Hi, does anyone have suggestions as to how to find out if the user is hitting the settings flow for the FIRST time after logging in? The use case is that I'd like to set the site language based on user trait, but only if it's immediately after logging in. Otherwise if users change locale on the site they would be reset to their original preference after every refresh which isn't desirable

You won't lose any data when you run this command but make a back up before!

Ah I remember why - we only have one method „link“ and using enum was causing problems with some generators because it only has one choice

Hi, all! I've a newbie question. I am currently tooling a test env for a project using Kratos & Keto. I've built my own docker-compose files with the inspiration of the examples founds in the doc. It worked. However when configuring the Kratos service, I had to configure an admin endpoint. It turns out that the endpoint is returned in messages replies. Is there a way to configure Kratos in a way that allows me to test it from BOTH within a docker-compose (where the URL should be

kratos:4434

AND my localhost where the URL should be

localhost:4434

?

hello, I'd like to setup web hook after registration

pre persist

, how can I do that? there is no document / example about this config

Hi! I'm currently in the process of checking out the API endpoints of Kratos, and noticed the

/schemas

endpoint is open to the public, yet it doesn't even exist for the admin API. Since I want to use Kratos for customer authentication, as well as employee authentication and partners authentication, I would like to "obfuscate" the available identity schemas. People with access to the public Kratos API shouldn't be able to see what kind of internal schemas we use. Why is it even public, yet not available under the admin API? I'm a bit confused here, since I'm not really all too versed in IAM. Are schemas supposed to be public to everybody? Is security though obfuscation not a thing in IAM? (Not telling the world what kind of authentication structure your company has should be the default, shouldn't it?) Would be great if somebody could explain the reasoning to me here 🙂

Howdy. Was wondering what the difference is between creating a user and sending them a password recovery link, and inviting a user? Are they essentially equivalent except that inviting a user prompts for firstname and lastname?

Hi, a login flow doesn't contain a button for account recovery, right? Is this something that is just expected to be implemented by the UI? To me it feels a bit weird adding this button manually, so I was wondering if it is supposed to be like that and if i could somehow add this button using the kratos config.

Hi, is there any tool / command or admin api which I can use to get session id from cookie? I want to check validity of cookie, it'll be easier if we have tool like that

Hi, I have a quick question: could someone tell me where the configuration YAML file processing is in the Kratos code? I can't seem to find it. Thanks 🙂