# ory-selfhosting
b
Hello again! In my previous post I was trying to get the csrf_token and now I am able to obtain it, however, I still end up with the same error: 403 forbidden security_csrf_violation - The anti-CSRF cookie was found but the CSRF token was not included in the HTTP request body (csrf_token) nor in the HTTP Header (X-CSRF-Token).","reject_reason":"The HTTP Cookie Header was set and a CSRF token was sent but they do not match. We recommend deleting all cookies for this domain and retrying the flow."},"message":"the request was rejected to protect you from Cross-Site-Request-Forgery"}}. I do not have any cookies and the code now looks like this:

```csharp
using System;
using Ory.Kratos.Client.Api;
using Ory.Kratos.Client.Client;
using Ory.Kratos.Client.Model;

Configuration config = new Configuration();
config.BasePath = "http://127.0.0.1:4433"; // Kratos public API endpoint
var frontendApi = new FrontendApi(config);

// Forward the browser's Cookie header so Kratos sees the anti-CSRF cookie
var cookieHeader = ctx.Request.Headers["cookie"];
var loginflow = frontendApi.CreateBrowserLoginFlow(cookie: cookieHeader);
var flowId = loginflow.Id;

// Find the CSRF token among the flow's UI input nodes
string csrfToken = null;
foreach (var node in loginflow.Ui.Nodes)
{
    if (node.Attributes.ActualInstance is KratosUiNodeInputAttributes inputAttributes
        && inputAttributes.Name == "csrf_token")
    {
        csrfToken = inputAttributes.Value.ToString();
        break;
    }
}
if (csrfToken == null)
{
    throw new Exception("CSRF token not found in login flow");
}

// Named arguments so the values do not depend on the generated constructor's parameter order
var method = new KratosUpdateLoginFlowWithPasswordMethod(
    csrfToken: csrfToken,
    identifier: request.Email,
    method: "password",
    password: request.Password);
var updateLoginFlowBody = new KratosUpdateLoginFlowBody(method);

// The same CSRF cookie that was set when the flow was created must be sent here
var result = frontendApi.UpdateLoginFlow(flowId, updateLoginFlowBody, cookie: cookieHeader);
var session = result.Session;
```
Any ideas where the problem could be? I double-checked and compared whether the token and flowId values are the same, and yes, they are. I will be thankful for any help.
m
Hmm could be several things. See the CSRF troubleshooting doc: https://www.ory.sh/docs/troubleshooting/csrf Also some tips:

1. Ensure the CSRF token is being sent correctly: In your code, you're extracting the CSRF token from the login flow and including it in the body of the request to update the login flow. This is the correct approach as per the Ory documentation. Make sure that the CSRF token is being included correctly in the request body.
2. Check the CSRF cookie: The CSRF cookie should be set automatically by your browser when you initiate the login flow. You're passing this cookie in the `cookie` parameter of the `CreateBrowserLoginFlow` and `UpdateLoginFlow` methods. Make sure that this cookie is being sent correctly.
3. Clear your cookies: The error message suggests clearing all cookies for the domain and retrying the flow. This could help if there's an old or invalid CSRF cookie that's causing the issue.
4. Check for issues with your environment or setup: There could be issues with your environment or setup that are causing the CSRF check to fail. For example, if you're running your application behind a proxy, the proxy could be stripping or modifying the CSRF cookie or token.