# talk-kratos
r
I have an issue with setting up 2fa where I have kratos set up locally and am able to complete all the 2fa steps, but when deployed I’m getting a 404 "Unable to locate the resource" when submitting the settings endpoint with the following payload. Anyone run into this situation before?
```
csrf_token: "xxx"
method: "totp"
totp_code: "654840"
```
m
Hello @ripe-megabyte-17595, it’s not entirely clear what could be causing the 404 error you’re experiencing when submitting the settings endpoint. However, there are a few things you might want to check:

1. Domain Configuration: Ory Kratos and your UI must be hosted on the same top level domain. You cannot host Ory Kratos and your UI on separate top level domains. For example, kratos.bar.com and ui.bar.com will work, but kratos.bar.com and not-ar.com will not work. (documentation)
2. CSRF Troubleshooting: If you’re experiencing issues related to CSRF tokens, you might want to check out the CSRF troubleshooting guide specific to self-hosted Ory Kratos Identity Server instances. (documentation)
3. TOTP Configuration: Ensure that you have correctly configured TOTP in your self-hosted Kratos instance by adding the `totp` method to `selfservice/methods` in the configuration file. (documentation)
r
Appreciate you reviewing but don’t believe any of these apply to us. 1 & 2 I believe would be an issue in other areas, but the issue only applies to setup of 2FA. And for 3, have double- and triple-checked it's enabled. Below is our kratos config.
```yaml
ciphers:
  algorithm: xchacha20-poly1305
courier:
  smtp:
    from_address: identity@holaplex.com
    from_name: Holaplex Hub - Identity
hashers:
  argon2:
    iterations: 5
    key_length: 16
    memory: 128MB
    parallelism: 24
    salt_length: 16
identity:
  default_schema_id: default
  schemas:
  - id: default
    url: file:///etc/config/identity.default.schema.json
log:
  format: json
  leak_sensitive_values: true
  level: info
selfservice:
  allowed_return_urls:
  - https://hub.holaplex.dev
  - /login
  - /organizations
  - /projects
  default_browser_return_url: https://hub.holaplex.dev/organizations
  flows:
    error:
      ui_url: https://hub.holaplex.dev/id/error
    login:
      lifespan: 10m
      ui_url: https://hub.holaplex.dev/login
    logout:
      after:
        default_browser_return_url: https://hub.holaplex.dev/login
    recovery:
      after:
        default_browser_return_url: https://hub.holaplex.dev/recovery/reset
        hooks:
        - hook: revoke_active_sessions
      enabled: true
      lifespan: 15m
      notify_unknown_recipients: false
      ui_url: https://hub.holaplex.dev/recovery
      use: code
    registration:
      after:
        oidc:
          hooks:
          - hook: session
        password:
          hooks:
          - hook: session
          - hook: show_verification_ui
      lifespan: 10m
      ui_url: https://hub.holaplex.dev/registration
    settings:
      privileged_session_max_age: 15m
      required_aal: highest_available
      ui_url: https://hub.holaplex.dev/profile/edit
    verification:
      after:
        default_browser_return_url: https://hub.holaplex.dev/login
      enabled: true
      ui_url: https://hub.holaplex.dev/verification
      use: code
  methods:
    code:
      config:
        lifespan: 15m
      enabled: true
    link:
      config:
        base_url: https://hub.holaplex.dev/id
        lifespan: 15m
      enabled: true
    lookup_secret:
      enabled: true
    oidc:
      config:
        providers:
        - auth_url: https://accounts.google.com/o/oauth2/v2/auth
          client_id: fromEnv
          client_secret: fromEnv
          id: google
          issuer_url: https://accounts.google.com
          mapper_url: file:///etc/config/oidc/google/mapping.jsonnet
          provider: google
          requested_claims:
            id_token:
              email:
                essential: true
              email_verified:
                essential: true
              family_name: null
              given_name:
                essential: true
              hd:
                essential: false
              picture:
                essential: false
          scope:
          - openid
          - email
          - profile
          token_url: https://www.googleapis.com/oauth2/v4/token
      enabled: false
    password:
      config:
        haveibeenpwned_enabled: true
        identifier_similarity_check_enabled: true
        ignore_network_errors: false
        max_breaches: 0
        min_password_length: 8
      enabled: true
    totp:
      config:
        issuer: Holaplex Dev
      enabled: true
serve:
  admin:
    base_url: http://kratos-admin:80
    port: 4434
    request_log:
      disable_for_health: true
  public:
    base_url: https://hub.holaplex.dev/id
    cors:
      allowed_headers:
      - Authorization
      - Cookie
      - Content-Type
      allowed_methods:
      - POST
      - GET
      - PUT
      - PATCH
      - DELETE
      allowed_origins:
      - https://hub.holaplex.dev
      - https://kratos.holaplex.dev
      - https://*.holaplex.dev
      enabled: true
      exposed_headers:
      - Content-Type
      - Set-Cookie
    port: 4433
session:
  cookie:
    domain: hub.holaplex.dev
    name: hub_session
  lifespan: 720h
version: v1.0.0
```