<@U04UQ68083H> why is ory session cookie not bien...
# ory-copilot
o
@chilly-king-10285 why is ory session cookie not being sent to requests to my subdomains
b
A message from kapa.ai
This issue is likely related to how cookies are configured in your Ory setup, particularly with regards to subdomains. Here are a few key points to consider:

1. Cookie Domain Setting: By default, Ory sets cookies for the specific domain it's running on. To allow cookies to be sent to subdomains, you need to configure the cookie domain properly. As mentioned in the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/guides/configuring-cookies), you can adjust the session cookie's domain using:

   ```yaml
   session:
     cookie:
       domain: your-main-domain.com
   ```

   This setting allows the cookie to be sent to all subdomains of your-main-domain.com.

2. Same-Site Attribute: The SameSite attribute of the cookie might be restricting its transmission to subdomains. You can adjust this in your configuration as well:

   ```yaml
   session:
     cookie:
       same_site: Lax
   ```

   [Ory's cookie-based security model documentation](https://www.ory.sh/docs/security-model) explains that they use SameSite=Strict by default, which could prevent cookies from being sent to subdomains in some cases.

3. HTTPS Requirement: Ory cookies are typically set with the 'secure' flag, meaning they're only sent over HTTPS connections. Ensure that your subdomains are also using HTTPS.

4. Public Suffix Domains: If you're using a domain that's on the public suffix list, you might encounter issues. As mentioned in the [CSRF troubleshooting documentation](https://www.ory.sh/docs/troubleshooting/csrf), you may need to use a subdomain that's not on the public suffix list.

5. Local Development: If you're testing locally, make sure you're using the Ory Tunnel correctly, as explained in the [local development documentation](https://www.ory.sh/docs/getting-started/local-development#local-development).

If you've checked all these points and are still having issues, you might need to review your specific setup and configuration. Remember that cookie behavior can be complex, especially when dealing with subdomains and security settings.
o
how can i set this in ory network
@chilly-king-10285 how can i set cookie properties to work on sub domains as well in ory network
b
A message from kapa.ai
To set cookie properties in Ory Network to work on subdomains as well, you need to configure the cookie domain correctly. Here's how you can do it:

1. Custom Domain Setup: First, ensure you have set up a custom domain for your Ory Network project. This is available for paid plans only. You can add a custom domain in the Ory Console under Branding → Custom domains [as described in the Ory documentation](https://www.ory.sh/docs/guides/custom-domains).

2. Configure Cookie Domain: When setting up your custom domain, you'll have the option to set the Cookie Domain. This should be set to the root domain of your application. For example, if your application runs on app.example.com, you would set the Cookie Domain to example.com. This allows the cookie to be available on this domain and all its subdomains [as explained in the custom domains guide](https://www.ory.sh/docs/guides/custom-domains).

3. SDK Configuration: After setting up the custom domain, update your SDK configuration to use the custom domain URL. For example:

   ```typescript
   import * as sdk from "@ory/client"

   const ory = new sdk.FrontendApi(
     new sdk.Configuration({
       // Custom domain configured for the Ory Network project
       basePath: "https://ory.example.org",
       baseOptions: {
         // Send the session cookie with cross-origin API requests
         withCredentials: true,
       },
     }),
   )
   ```

   This ensures that your application uses the correct domain for API requests [as shown in the Express.js integration guide](https://www.ory.sh/docs/getting-started/integrate-auth/expressjs#go-to-production).

4. CORS Configuration: If you're using Single Page Applications (SPAs), make sure to add the appropriate CORS origins to your custom domain settings. Ory Network allows up to 50 origins [according to the custom domains documentation](https://www.ory.sh/docs/guides/custom-domains).

By following these steps, your Ory Network cookies should work across your main domain and its subdomains. Remember that this feature is only available on paid plans, and you may need to contact Ory support if you encounter any issues during setup.
o
@chilly-king-10285 how would i use the sdk to create a native registration flow with passkeys
b
A message from kapa.ai
To create a native registration flow with passkeys using the Ory SDK, you can follow these steps:

1. First, ensure you have the Ory SDK installed and properly configured for your project.

2. To create a native registration flow with passkeys, you'll use the `createNativeRegistrationFlow` method from the `FrontendApi`. Here's an example of how to do this using the JavaScript SDK:

   ```javascript
   import { Configuration, FrontendApi } from "@ory/client"

   const frontend = new FrontendApi(
     new Configuration({
       basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
     }),
   )

   export async function createRegistration() {
     return await frontend.createNativeRegistrationFlow()
   }
   ```

   This code snippet is based on the example provided in the [Ory documentation for creating a registration flow](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#create-registration-flow).

3. After creating the registration flow, you'll need to handle the passkey registration process. This involves using the WebAuthn API, which Ory supports through its passkey strategy. Make sure you have enabled passkeys in your Ory project configuration [as described in the passkey documentation](https://www.ory.sh/docs/kratos/passwordless/passkeys#passkeys-with-the-dedicated-passkey-strategy).

4. To complete the registration, you'll need to update the registration flow with the passkey information. This is done using the `updateRegistrationFlow` method. Here's an example:

   ```javascript
   async function submitRegistration(flowId, passkey) {
     const result = await frontend.updateRegistrationFlow({
       flow: flowId,
       updateRegistrationFlowBody: {
         method: "passkey",
         // The passkey method's registration body carries the WebAuthn
         // response in the `passkey_register` field
         passkey_register: passkey,
         traits: { /* user traits */ },
       },
     })
     .then(({ data }) => data)

     return result
   }
   ```

   This example is adapted from the [Ory SDK documentation for submitting a registration flow](https://www.ory.sh/docs/kratos/sdk/go#submit-registration-flow).

5. Remember to include the necessary WebAuthn JavaScript in your application:

   ```html
   <head>
     <script src="/.well-known/ory/webauthn.js"></script>
   </head>
   ```

   This script is required for handling WebAuthn operations, as mentioned in the [Ory documentation for passwordless authentication](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-advanced-integration#passwordless-authentication).

Please note that the exact implementation may vary depending on your specific application requirements and the user interface you're building. Also, ensure that you're using the latest version of the Ory SDK, as the API might have slight variations between versions.
o
@prehistoric-flower-78814