# general
a
Login Step 1:
GET https://<instance>.projects.oryapis.com/self-service/login/api
Step 2:
POST https://<instance>.projects.oryapis.com/self-service/login?flow={{flowID}}
Response (status 400):
{
  "id": "535b6cb3-d9c9-4034-9619-9708258fa735",
  "organization_id": null,
  "type": "api",
  "expires_at": "2024-02-16T13:24:48.980468Z",
  "issued_at": "2024-02-16T12:54:48.980468Z",
  "request_url": "https://<instance>.projects.oryapis.com/self-service/login/api",
  "active": "code",
  "ui": {
    "action": "https://<instance>.projects.oryapis.com/self-service/login?flow=535b6cb3-d9c9-4034-9619-9708258fa735",
    "method": "POST",
    "nodes": [
      {
        "type": "input",
        "group": "default",
        "attributes": {
          "name": "csrf_token",
          "type": "hidden",
          "value": "",
          "required": true,
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {}
      },
      {
        "type": "input",
        "group": "default",
        "attributes": {
          "name": "identifier",
          "type": "hidden",
          "value": "jaceto@jeunupo.ec",
          "required": true,
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070002,
            "text": "E-Mail",
            "type": "info",
            "context": {
              "title": "E-Mail"
            }
          }
        }
      },
      {
        "type": "input",
        "group": "code",
        "attributes": {
          "name": "method",
          "type": "hidden",
          "value": "code",
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {}
      },
      {
        "type": "input",
        "group": "code",
        "attributes": {
          "name": "code",
          "type": "text",
          "required": true,
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070013,
            "text": "Login code",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "code",
        "attributes": {
          "name": "method",
          "type": "submit",
          "value": "code",
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070005,
            "text": "Submit",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "code",
        "attributes": {
          "name": "resend",
          "type": "submit",
          "value": "code",
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070008,
            "text": "Resend code",
            "type": "info"
          }
        }
      }
    ],
    "messages": [
      {
        "id": 1010014,
        "text": "An email containing a code has been sent to the email address you provided. If you have not received an email, check the spelling of the address and retry the login.",
        "type": "info"
      }
    ]
  },
  "created_at": "2024-02-16T12:54:48.989312Z",
  "updated_at": "2024-02-16T12:54:48.989312Z",
  "refresh": false,
  "requested_aal": "aal1",
  "state": "sent_email"
}
Same thing with the registration flow. I can share the details if needed.
r
Hey @abundant-beach-2212. Glad to hear you're enjoying Ory. 👍 Login with code is a pretty new feature, and you've found a rough edge. The reason this endpoint returns 400 here is because of symmetry with other authentication methods (say password). In those flows, we return 400 for example when there's a form validation error (say password too short). The semantics being that another user action is required (submit a longer password) and that another POST to the same endpoint is expected to continue the flow. In the case of login-via-OTP-code, we return 400 here to indicate that another action is required to complete the login (user must input the code).
Similarly, during API flows where the user logs in via OIDC, we return a 422 status code in this case, indicating that the user must continue their login journey in a browser.
We return 200 from this endpoint only once the login flow is complete (user signed in), but not before.
a
ok, thanks Arne. So I take it that currently there is no way to not get a 400 when sending the code, is that right?
r
Yes that's right. I feel like we should be returning a 201 or 202 code instead of 400 here. But for the moment, 400 means "go on". 😄
a
ahah ok, I'll feed that back to the team. Thanks again Arne!
👍 1
a
I was looking at the same thing today and wondered why I got a 400 response at the Login with code. @refined-kangaroo-48640 indeed a 201 would be less confusing. But thanks for the clarification!