The error message you're seeing indicates that the

via

query parameter is missing when trying to perform an AAL2 login via code. This parameter is used to specify which trait to use for delivering the code to the user. To resolve this error, you need to include the

via

parameter in your request and set it to the identifier of the trait you want to use for delivering the code. For example, if you have a trait called

phone_number

, you'd set

via

to

phone_number

. Here's an example of how you might structure your request:

/self-service/login/browser?aal=aal2&via=phone_number

In this example,

aal=aal2

initiates a new login flow for an already existing session with a higher level of authentication (AAL2), and

via=phone_number

specifies that the code should be delivered to the user's phone number. Please ensure that the trait you're using with the

via

parameter exists in your identity schema and is not empty in the current identity. If the trait does not exist or is empty, Ory will return an error. For more information, you can refer to the [Ory documentation on MFA via SMS](https://www.ory.sh/docs/kratos/mfa/mfa-via-sms#integration).

In the provided Next.js implementation, the

via

parameter is indeed not mentioned. This parameter is used when you want to initiate a multi-factor authentication (MFA) flow, specifically an AAL2 flow, where you need to specify the trait to use for delivering the code to the user. If you want to include the

via

parameter in your request, you can modify your

createBrowserLoginFlow

function call to include it. Here's how you might do it:

javascript ory   .createBrowserLoginFlow({     refresh: Boolean(refresh),     aal: aal ? String(aal) : undefined,     returnTo: returnTo ? String(returnTo) : undefined,     via: 'phone_number', // Add this line   })                                                       .then(({ data }) => {     setFlow(data)   })   .catch(handleFlowError(router, "login", setFlow))

In this example,

via: 'phone_number'

is added to the request. This means that the code for the AAL2 login will be sent to the user's phone number. Please replace

'phone_number'

with the actual trait you have in your identity schema for delivering the code. Remember, the trait you're using with the

via

parameter should exist in your identity schema and should not be empty in the current identity. If the trait does not exist or is empty, Ory will return an error. For more information, you can refer to the [Ory documentation on MFA via SMS](https://www.ory.sh/docs/kratos/mfa/mfa-via-sms#integration).

You're welcome! I'm glad to hear that your issue has been resolved. If you have any more questions or run into any other issues, feel free to ask. Happy coding!

To disable updates on certain fields in the user profile, you would need to modify the Identity Schema that Ory Kratos uses to validate user traits. However, the provided knowledge sources do not contain specific information on how to disable updates on certain fields. The Identity Schema is a JSON Schema that defines what traits a user can have and the validation rules for those traits. By default, all fields defined in the Identity Schema are editable during the profile update flow. If you want to prevent certain fields from being updated, you might need to implement custom logic in your application to ignore updates to those fields. This could be done in the part of your application that handles the profile update requests. For more detailed information on how to work with Identity Schemas, you can refer to the [Ory Kratos Identity Schema documentation](https://www.ory.sh/docs/kratos/manage-identities/identity-schema).