Hey guys, I had one strange query. As I am tryi...
# ory-selfhosting
i
Hey guys, I have a strange question. I am trying to hit the self-service login API, but I am not getting a webauthn node from it. Adding my
kratos.yml
and
identity.schema.json
is there anything I am doing wrong.
{
  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "title": "E-Mail",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              },
              "webauthn": {
                "identifier": true
              },
              "passkey": {
                "display_name": true
              },
              "code": {
                "identifier": true,
                "via": "email"
              }
            },
            "verification": {
              "via": "email"
            },
            "recovery": {
              "via": "email"
            }
          }
        },
        "phone": {
          "type": "string",
          "format": "tel",
          "title": "Phone number",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        },
        "name": {
          "type": "object",
          "properties": {
            "first": {
              "title": "First Name",
              "type": "string"
            },
            "last": {
              "title": "Last Name",
              "type": "string"
            }
          }
        }
      },
      "required": [
        "email",
        "phone"
      ],
      "additionalProperties": false
    }
  }
}
# Version of the Kratos configuration format this file is written for.
version: v1.2.0

# In-memory database: identities, sessions and flows do not survive a restart.
# NOTE(review): fine for a local experiment; use a persistent database DSN anywhere else.
dsn: memory

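# Listener settings for the public and admin APIs.
# The chat export had wrapped every URL in <...> link markup; the plain URLs are restored here.
serve:
  public:
    # Plain http is acceptable only because this is a localhost development setup.
    base_url: http://localhost:4433/
    cors:
      enabled: true
      # Because allow_credentials is true below, every origin listed here may send
      # cookie-bearing requests; keep this an explicit list of trusted origins.
      allowed_origins:
        - http://localhost:3000
      allowed_methods:
        - GET
        - POST
        - PUT
        - DELETE
        - OPTIONS
      allowed_headers:
        - Authorization
        - Content-Type
        - X-Requested-With
        - Accept
      exposed_headers:
        - Content-Type
      allow_credentials: true
  admin:
    # NOTE(review): the admin API is meant for trusted internal callers; confirm that
    # port 4434 is not published outside the private network.
    base_url: http://kratos:4434/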

session:
  whoami:
    # A session authenticated with a single factor (aal1) is accepted by the whoami check.
    # NOTE(review): a second factor is never required with this value; confirm that is intended.
    required_aal: aal1

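# Self-service flows and login methods.
# The chat export had wrapped every URL in <...> link markup; the plain URLs are restored here.
# The remaining <...> values (client id/secret) are the author's own placeholders.
selfservice:
  default_browser_return_url: http://localhost:4455/
  # Allow-list for post-flow redirects. Keep it limited to origins you control so a
  # crafted return URL cannot send users to an arbitrary site.
  allowed_return_urls:
    - http://localhost:4455
    - http://localhost:3000
    - http://localhost:4433

  methods:
    password:
      enabled: true
    passkey:
      enabled: true
      config:
        rp:
          # Relying-party ID: credentials are bound to this domain.
          id: localhost
          # Origins allowed to run the ceremony. Plain http works only because
          # browsers treat localhost as a secure context; use https elsewhere.
          origins:
            - http://localhost:4455
            - http://localhost:3000
            - http://localhost:4433
          display_name: "My Display Name"
    webauthn:
      enabled: true
      config:
        # NOTE(review): `passwordless: true` is not set, so WebAuthn is presumably
        # offered as a second factor only and not on the first login step; confirm
        # against the intended flow. As the reply in this thread states, WebAuthn
        # nodes are not returned on API (native) flows either way.
        rp:
          id: localhost
          origins:
            - http://localhost:4455
            - http://localhost:3000
          display_name: "March 2024"
    code:
      mfa_enabled: false
      passwordless_enabled: true
    oidc:
      config:
        providers:
          - id: google # this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET!
            provider: google
            client_id: <google-client-id>
            # Supply the real secret at deploy time (environment or secret store)
            # instead of committing it to this file.
            client_secret: <google-client-secret>
            mapper_url: file:///etc/config/kratos/oidc/google.schema.jsonnet
            scope:
              - openid
              - email
              - profile
            # other supported scopes can be found in Google OAuth 2.0 dev docs
            requested_claims:
              id_token:
                email:
                  essential: true
                # NOTE(review): check that the Jsonnet mapper only trusts the email
                # address when email_verified is true.
                email_verified:
                  essential: true
                given_name:
                  essential: true
                family_name: null
                hd: null # If you want the Google Workspace domain
      enabled: true

  flows:
    error:
      ui_url: http://localhost:4455/error

    settings:
      ui_url: http://localhost:4455/settings
      # Sensitive settings changes require a session no older than this.
      privileged_session_max_age: 15m

    recovery:
      enabled: true
      ui_url: http://localhost:4455/recovery

    verification:
      enabled: true
      ui_url: http://localhost:4455/verification
      after:
        default_browser_return_url: http://localhost:4455/

    logout:
      after:
        default_browser_return_url: http://localhost:4455/login

    login:
      ui_url: http://localhost:4455/login
      lifespan: 10m
      after:
        oidc:
          default_browser_return_url: http://localhost:3000/auth/complete-google-login

    registration:
      lifespan: 10m
      ui_url: http://localhost:4455/registration
      after:
        # NOTE(review): the session hook signs the user in straight after registration,
        # presumably before the email address has been verified; confirm that is acceptable.
        password:
          hooks:
            - hook: session
        webauthn:
          hooks:
            - hook: session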

log:
  level: debug
  format: text
  # Disables redaction, so secrets, tokens and other sensitive values are written to the logs.
  # NOTE(review): keep this to throwaway local debugging; turn it off wherever logs are
  # stored, shipped or shared.
  leak_sensitive_values: true

# Placeholder secrets, visible to everyone who can read this page.
# NOTE(review): the cookie secret presumably protects session cookies and the cipher
# secret encrypts stored values; generate random values and load them from a secret
# store or environment before any non-local use.
secrets:
  cookie:
    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
  cipher:
    - 32-LONG-SECRET-NOT-SECURE-AT-ALL

ciphers:
  # Authenticated encryption algorithm. It is presumably keyed from secrets.cipher, so its
  # strength depends on that secret being random and private.
  algorithm: xchacha20-poly1305

hashers:
  algorithm: bcrypt
  bcrypt:
    # Low work factor: hashes are cheap to compute, and so cheap to guess offline if leaked.
    # NOTE(review): raise the cost for anything beyond local testing (the Kratos default is
    # believed to be 12; confirm against the docs for this version).
    cost: 8

identity:
  # Schema applied to identities that do not name one explicitly.
  default_schema_id: default
  schemas:
    - id: default
      # Loaded from the local filesystem. The credentials block in this schema decides
      # which traits act as login identifiers.
      url: file:///etc/config/kratos/identity.schema.json

# Outbound message delivery. Every <...> value below is a placeholder left by the author.
courier:
  smtp:
    # NOTE(review): the connection URI normally embeds SMTP credentials; supply it from a
    # secret store or environment rather than committing it.
    connection_uri: <smtp-connection-uri>
    from_address: <from-address>
    from_name: <from-name>
  channels:
    - id: sms
      type: http
      request_config:
        url: <sms-url>
        method: POST
        body: <sms-body>
        headers:
          Content-Type: application/x-www-form-urlencoded
        auth:
          # Basic auth sends the credentials with every request: use an https URL above
          # and keep the token out of version control.
          type: basic_auth
          config:
            user: <twilio-account-sid>
            password: <twilio-auth-token>
b
but not getting webauthn node from it.
what exactly are you doing when you don't receive the node?
i
Need to follow this - https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-advanced-integration#passwordless-authentication But not exactly, I am trying to do same on Vanilla JS
b
Could you post the code, that you're using?
i
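// Starts a native (API) login flow and looks for a WebAuthn node in the returned UI.
// Excerpt from inside an async function; the enclosing function is not shown in the post.
// Per the reply in this thread, Kratos does not return WebAuthn nodes on API flows,
// so this lookup is expected to come back empty; WebAuthn needs the browser flow
// (/self-service/login/browser).
// The chat export had wrapped the URL in <...> link markup; the plain URL is restored.
const response = await fetch('http://localhost:4433/self-service/login/api');
        if (!response.ok) {
          // Fail on HTTP errors instead of reading ui.nodes from an error body.
          throw new Error(`Login flow request failed with status ${response.status}`);
        }

        const flow = await response.json();

        // Find the WebAuthn node in the flow data; a missing ui/nodes list counts as "not found".
        const webAuthnNode = flow.ui?.nodes?.find((node) => node.group === 'webauthn');
        if (!webAuthnNode) {
          alert('WebAuthn not supported for this login flow.');
          return;
        }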
b
Webauthn doesn't work on the API flows, because most native clients don't support it yet.
i
@tall-keyboard-87198 okay, thanks for clarifying, can you suggest me a way to do it.
Leaving the API flow aside, is there any other way, rather than doing a browser-based flow and then redirecting alongside it, to work this out?
b
using a browser is the only way for now.
i
For a mobile app, then, how does it go?
Is JS SDK able to handle it?
Anyway thanks for replying, I will try to look more into browser based view
b
Ory does not support webauthn on mobile apps. I believe most mobile platforms don't even support it, or rather only support passkeys.