# talk-kratos
i
In the Ory Kratos recovery and verification flow emails, the URL link provided points to my Ory Kratos server, which will then redirect to the given redirection URL. Is this the proper way to use it in production? Is there a way to change the URL and mask the Ory Kratos server address from the users? Should I set the public endpoint to only allow the method `POST` and run all my other requests against the admin endpoint? Does the admin endpoint allow all methods, or is that something that I need to set as well? I can't seem to run any of the API requests against the admin base URL. 🤔 When I try to make a call to http://localhost:4434/self-service/login/flows, it will redirect me to http://localhost:4433/self-service/login/flows. Thanks!
b
It doesn't just redirect, it also processes the request. So, yes, this is the intended behavior. The admin endpoint is only intended for admin requests, and contains a redirect to the public API for public endpoints out of convenience.
i
Thanks for the response @bland-eye-99092. Is there any documentation on this? I would like to get a better understanding of when to use the admin endpoint and when to use the public endpoint. Also, is it safe to set the public endpoint to allow for both `GET` and `POST` methods? In the documentation here I noticed that the public endpoint is only set to allow `POST` methods. • https://www.ory.sh/docs/kratos/reference/configuration
Hi just wanted to bump this for some attention. @bland-eye-99092 @magnificent-energy-493 Thanks!
b
The admin api is supposed to be hidden behind some kind of authorization proxy (like Ory Oathkeeper) and should only be used while using the admin API endpoints.
"In the documentation here I noticed that the public endpoint is only set to allow `POST` methods."
Could you point me to where that is stated? The public API uses both GET and POST.
i
You are correct. I misread the configuration example. Thank you. So both the user and my application should be making calls to the public endpoint, is that the correct understanding?
Is there documentation on how to get production ready with Ory Kratos?
b
Not sure how up to date this is, but yes, here: https://www.ory.sh/docs/kratos/guides/deploy-kratos-example
"So both the user and my application should be making calls to the public endpoint, is that the correct understanding?"
Your (backend?) application will make requests to the public endpoint whenever you want to check the user’s session. Your frontend application, whenever you want to make changes to the user’s auth state.
i
Thank you!