# talk-kratos
l
Hi, I'm having an issue with the Kratos admin API. Using the Ory JS client, the adminCreateIdentity works fine, but adminCreateSelfServiceRecoveryLink gives a 403. For an invite system, we're trying to create a user and then generate a password reset link to set up their credentials. 403 isn't documented as one of the errors, and my understanding was that the admin endpoints don't use credentials.
More debugging and it seems like the adminCreateSelfServiceRecoveryLink endpoint is querying the Kratos public url
{
  "message": "Request failed with status code 403",
  "name": "Error",
  "stack": "Error: Request failed with status code 403\n    at createError (C:\\Users\\user\\project\\node_modules\\@ory\\client\\node_modules\\axios\\lib\\core\\createError.js:16:15)\n    at settle (C:\\Users\\user\\project\\node_modules\\@ory\\client\\node_modules\\axios\\lib\\core\\settle.js:17:12)\n    at IncomingMessage.handleStreamEnd (C:\\Users\\user\\project\\node_modules\\@ory\\client\\node_modules\\axios\\lib\\adapters\\http.js:269:11)\n    at IncomingMessage.emit (node:events:539:35)\n    at endReadableNT (node:internal/streams/readable:1345:12)\n    at processTicksAndRejections (node:internal/process/task_queues:83:21)",
  "config": {
    "url": "http://localhost:4433/admin/recovery/link",
    "method": "post",
    "data": "{\"identity_id\":\"8f231bef-dbbe-47ca-975d-f0402e257220\"}",
    "headers": {
      "Accept": "application/json, text/plain, */*",
      "Content-Type": "application/json",
      "User-Agent": "axios/0.21.4",
      "Content-Length": 54
    },
    "transformRequest": [
      null
    ],
    "transformResponse": [
      null
    ],
    "timeout": 0,
    "xsrfCookieName": "XSRF-TOKEN",
    "xsrfHeaderName": "X-XSRF-TOKEN",
    "maxContentLength": -1,
    "maxBodyLength": -1,
    "transitional": {
      "silentJSONParsing": true,
      "forcedJSONParsing": true,
      "clarifyTimeoutError": false
    }
  }
}
e
Are you sending your PAT as the Authorization (type Bearer) header?
l
No, this is for the admin API, which is being accessed from the backend server without credentials: https://github.com/ory/kratos/issues/2553
The problem is that the TypeScript Ory client is hitting the wrong endpoint for the admin API on that request.
We did a workaround by just building our own request to the admin API.