<@U04UQ68083H> how long does it take for a schema ...
# ory-copilot
o
@chilly-king-10285 how long does it take for a schema update to be applied to an ory network account
b
A message from kapa.ai
New message text here
o
ok
@chilly-king-10285 I enabled passkeys in ory network and added them to user identity schema but I am not getting the passkey option in the native registration flow api call. how can i fix this.
b
A message from kapa.ai
Based on the information provided in the knowledge sources, I can offer some guidance on enabling passkeys in Ory Network and troubleshooting the issue you're experiencing. Let's go through the steps to ensure passkeys are properly configured:

1. Enable passkey strategy: Make sure you've enabled the passkey strategy in your Ory Network project. According to the [Ory documentation on passkeys](https://www.ory.sh/docs/kratos/passwordless/passkeys#passkeys-with-the-dedicated-passkey-strategy), you can do this in the Ory Console or using the Ory CLI. For example, using the CLI:

```
ory patch identity-config <your-project-id> \
  --add '/selfservice/methods/passkey/enabled=true' \
  --add '/selfservice/methods/passkey/config/rp/display_name="My Display Name"'
```

2. Update the identity schema: Ensure that your identity schema includes the passkey configuration. Here's an example of how to add passkey support to a trait in your schema [as shown in the Ory documentation](https://www.ory.sh/docs/kratos/manage-identities/customize-identity-schema#username-and-email-and-password):

```json
{
  "type": "string",
  "ory.sh/kratos": {
    "credentials": {
      "passkey": {
        "display_name": true
      }
    }
  }
}
```

3. Check for configuration errors: Review your configuration for any errors. The [GitHub issue discussion](https://github.com/ory/kratos/discussions/3931) shows an example of configuration errors related to passkeys. Make sure your configuration doesn't have any syntax errors or invalid properties.
4. Verify the passkey strategy is active: In your registration flow API call, check if the `passkey` method is listed in the available methods. If it's not, double-check your configuration and ensure that the passkey strategy is enabled and properly configured.
5. Use the latest SDK version: Ensure you're using the latest version of the Ory SDK in your application. The [GitHub issue](https://github.com/ory/network/issues/385) mentions using version 1.9.0 of `@ory/client`, but you should check for any newer versions that might include fixes or improvements for passkey support.
6. Check for conflicts with other authentication methods: If you're using multiple authentication methods, ensure they're not conflicting with each other. The [Ory documentation on passkeys](https://www.ory.sh/docs/kratos/passwordless/passkeys#choose-passkey-strategy) mentions that there might be compatibility issues between the WebAuthn strategy and the dedicated passkey strategy.

If you've followed these steps and are still not seeing the passkey option in your registration flow, it's possible that there might be a bug or an issue with the Ory Network configuration. In this case, I recommend reaching out to Ory support or posting a detailed description of your issue, including your configuration (with sensitive information redacted) and the API response you're receiving, on the [Ory Community Slack](https://slack.ory.sh) or the Ory GitHub repository for further assistance.
o
@chilly-king-10285 i got passkeys enabled on my account now. I get the proper passkey response for the browser flow, but when I do a react native api registration flow call, i am not getting any passkey information in its response. Can you help fix this.
b
A message from kapa.ai
Based on the information provided in the knowledge sources, I can explain why you're not seeing passkey information in the React Native API registration flow and suggest a potential solution. The key issue here is the difference between browser flows and API flows in Ory. According to the [Ory documentation on API flows](https://www.ory.sh/docs/kratos/self-service#api-flows-native-mobile--desktop-apps-command-line-interfaces-smart-tvs-and-more), API flows are designed for native mobile & desktop apps, command line interfaces, smart TVs, and similar non-browser environments. The documentation specifically states:

```
DANGER Never use API flows to implement Browser applications! Using API flows in Single-Page-Apps as well as server-side apps opens up several potential attack vectors, including Login and other CSRF attacks.
```

This warning suggests that certain security features, including passkeys, may not be available or may work differently in API flows compared to browser flows. Furthermore, the [Ory documentation on WebAuthn constraints](https://www.ory.sh/docs/kratos/passwordless/passkeys#constraints) mentions:

```
- WebAuthn is a browser standard. It does not work in native mobile apps.
```

While this specifically mentions WebAuthn, passkeys are built on the WebAuthn standard, so this limitation likely applies to passkeys as well. To address this issue, you have a few options:

1. Use a browser-based flow: If possible, consider using a browser-based flow for registration in your React Native app. This could involve opening a web view or the device's default browser to handle the registration process.
2. Implement a custom solution: You might need to implement a custom solution for handling passkeys in your React Native app. This could involve using platform-specific APIs to interact with the device's security features.
3. Use an alternative authentication method: If passkeys are not critical for your app's security model, you might consider using an alternative authentication method that is fully supported in API flows.
4. Contact Ory support: Given that passkeys are a relatively new feature, it's possible that support for them in API flows is planned but not yet implemented. You might want to reach out to Ory support or check their roadmap to see if this feature is coming soon.

For the most up-to-date and accurate information, I recommend reaching out to Ory support directly or posting your question on the [Ory Community Slack](https://slack.ory.sh). They would be able to provide more specific guidance based on the current state of passkey support in Ory Network for React Native applications.
o
@chilly-king-10285 how can i implement passkeys in a react native application
b
A message from kapa.ai
Based on the information provided in the knowledge sources, implementing passkeys in a React Native application with Ory presents some challenges. Here's what we know and some potential approaches:

1. WebAuthn Limitations: According to the [Ory documentation on WebAuthn constraints](https://www.ory.sh/docs/kratos/passwordless/passkeys#constraints), "WebAuthn is a browser standard. It does not work in native mobile apps." This is a significant limitation for React Native applications.
2. No Direct API Support: The [GitHub issue discussion](https://github.com/ory/network/issues/284) indicates that there's currently no API way to implement the WebAuthn flow in native apps, which includes React Native applications.
3. Browser Requirement: The current implementation of WebAuthn in Ory is browser-focused and requires JavaScript and browser APIs, which are not directly available in React Native.
4. Future Plans: An Ory team member mentioned that supporting WebAuthn in its full capacity on all supported devices is on their roadmap for the near future, but it's not currently available.

Given these limitations, here are some potential approaches you could consider:

1. Use a WebView: You could implement a WebView in your React Native app to handle the passkey authentication. This would allow you to use the browser-based WebAuthn implementation. However, this might not provide the best user experience.
2. Platform-Specific Implementation: You could use React Native's ability to write platform-specific code. For iOS, you might be able to use the native Passkeys API, while for Android, you'd need to check the latest support for WebAuthn or Passkeys.
3. Third-Party Libraries: Look for third-party React Native libraries that might provide WebAuthn or Passkey support. However, be cautious about security implications when using external libraries for authentication.
4. Alternative Authentication Method: Consider using a different authentication method that's fully supported in React Native, such as login codes via email, as mentioned in the [Ory documentation on login codes](https://www.ory.sh/overview-login-password-passkey-webauthn-totp-sso-faceid/#login-code-via-email).
5. Wait for Official Support: Given that Ory has this on their roadmap, you might want to wait for official support if passkeys are not immediately critical for your application.

For the most up-to-date information and guidance, I recommend reaching out to Ory support directly or posting your question on the [Ory Community Slack](https://slack.ory.sh). They would be able to provide more specific advice based on the current state of passkey support in Ory Network for React Native applications and potentially offer workarounds or timelines for native support.
o
@chilly-king-10285 can users have a second password in ory
b
A message from kapa.ai
Based on the knowledge sources provided, there is no direct mention of users having a second password in Ory. However, Ory does offer various multi-factor authentication (MFA) options that can provide additional security beyond a single password. Let me explain the available options:

1. Time-based One-Time Passwords (TOTP): Ory supports TOTP as a second factor authentication method. Users can set up TOTP using apps like Google Authenticator or FreeOTP. This acts as an additional security layer on top of the primary password [Ory documentation on TOTP](https://www.ory.sh/docs/kratos/mfa/totp).
2. WebAuthn/FIDO2: Ory supports WebAuthn, which allows users to use security keys or biometric authentication as a second factor [Ory documentation on WebAuthn](https://www.ory.sh/docs/kratos/mfa/webauthn-fido-yubikey#configuration).
3. Lookup Secrets (Recovery Codes): These are one-time use codes that users can generate and store securely as a backup authentication method [Ory documentation on Lookup Secrets](https://www.ory.sh/docs/kratos/mfa/lookup-secrets).
4. Passkeys: Ory supports passkeys, which are a form of passwordless authentication that can be used alongside or instead of traditional passwords [Ory documentation on Passkeys](https://www.ory.sh/docs/kratos/passwordless/passkeys#passkeys-with-the-webauthn-strategy).

While these options provide additional security, they don't specifically allow for a second password in the traditional sense. Instead, they offer various forms of multi-factor authentication to enhance account security. If you're looking to implement additional security measures beyond a single password, I recommend exploring these MFA options provided by Ory. For the most up-to-date and specific information about authentication options, you may want to consult the [Ory documentation](https://www.ory.sh/docs/) or reach out to Ory support directly.
o
@chilly-king-10285 how do i add a passkey to an existing identity
b
A message from kapa.ai
To add a passkey to an existing identity in Ory, you need to follow a specific process. Based on the information provided in the knowledge sources, here's how you can do it:

1. Enable Passkey Strategy: First, ensure that the passkey strategy is enabled in your Ory Network project. You can do this in the Ory Console or using the Ory CLI. As mentioned in the [Ory documentation on passkeys](https://www.ory.sh/docs/kratos/passwordless/passkeys#passkeys-with-the-dedicated-passkey-strategy), you can use the following CLI command:

```
ory patch identity-config <your-project-id> \
  --add '/selfservice/methods/passkey/enabled=true' \
  --add '/selfservice/methods/passkey/config/rp/display_name="My Display Name"'
```

2. Update Identity Schema: Make sure your identity schema includes the passkey configuration. Add the following to the relevant trait in your schema, as shown in the [Ory documentation on customizing identity schemas](https://www.ory.sh/docs/kratos/manage-identities/customize-identity-schema#passkey-display-name):

```json
{
  "ory.sh/kratos": {
    "credentials": {
      "passkey": {
        "display_name": true
      }
    }
  }
}
```

3. Initiate Passkey Registration: To add a passkey to an existing identity, you need to initiate a registration flow for the passkey. This is typically done through a user interface where the user can choose to add a passkey.
4. Use the Registration API: When the user initiates the passkey addition, your application should make a call to the registration flow API. The response will include a `passkey_register` field with the necessary information to complete the passkey registration.
5. Complete Passkey Registration: Use the information from the `passkey_register` field to complete the WebAuthn registration process in the browser. This involves calling the browser's WebAuthn API to create the passkey.
6. Submit Passkey Data: After the passkey is created, submit the passkey data back to Ory to associate it with the user's identity. This is done by sending a request to update the registration flow, including the `passkey_register` data in the request body.

Here's an example of what the request body might look like when submitting the passkey data, based on the [Ory API reference](https://www.ory.sh/docs/reference/api):

```json
{
  "method": "passkey",
  "passkey_register": "...", // The JSON returned by the WebAuthn registration process
  "traits": {
    // Include any required identity traits here
  }
}
```

It's important to note that this process typically requires browser interaction, as passkeys rely on the WebAuthn API, which is a browser standard. If you're working with a native mobile app, you might need to use a WebView or consider alternative authentication methods.

For the most accurate and up-to-date information, especially if you encounter any issues during implementation, I recommend consulting the [Ory documentation](https://www.ory.sh/docs/) or reaching out to Ory support directly.
o
@chilly-king-10285 when i try to register a passkey to an existing user, i get the error that An account with the same identifier (email, phone, username, ...) exists already.
b
A message from kapa.ai
Based on the information provided in the knowledge sources, it appears you're encountering a common issue when trying to add a passkey to an existing user. This error typically occurs when the system interprets the passkey registration as an attempt to create a new account rather than updating an existing one. Let's explore the possible reasons and solutions:

1. Account Enumeration Protection: Ory has built-in protection against account enumeration attacks. As mentioned in the [Ory Network issue #229](https://github.com/ory/network/issues/229), this protection can sometimes interfere with legitimate operations like adding a new authentication method to an existing account.
2. Login Hints: Ory provides a feature called "login hints" which can help in these situations. According to the [Ory documentation on login hints](https://www.ory.sh/docs/identities/sign-in/login-hint), you can enable this feature to provide more informative messages when an account already exists. This might help guide the user to the correct action.
3. Registration vs. Settings Flow: It's possible that you're using a registration flow instead of a settings flow to add the passkey. The registration flow is designed for new accounts, which is why you're getting the "account already exists" error.

To resolve this issue, try the following:

1. Use Settings Flow: Instead of using the registration flow, use the settings flow to add a passkey to an existing account. The settings flow is designed for modifying existing accounts, including adding new authentication methods.
2. Ensure User is Authenticated: Make sure the user is properly authenticated before attempting to add the passkey. The settings flow typically requires an active session.
3. Enable Login Hints: If you haven't already, consider enabling login hints in your Ory configuration. This can be done using the following CLI command:

```
ory patch project --project <project-id> --workspace <workspace-id> \
  --replace '/services/identity/config/selfservice/flows/registration/login_hints=true'
```

4. Check Identity Schema: Ensure your identity schema correctly supports passkeys and that it's properly configured for existing accounts to add passkeys.
5. Review Error Handling: If you're building a custom UI, make sure you're properly handling and displaying errors from the Ory API. The error message you're seeing might be a default message that doesn't accurately reflect the actual issue.

If you continue to experience issues after trying these steps, it would be advisable to reach out to Ory support directly or post a detailed description of your problem, including your configuration (with sensitive information redacted) and the exact API calls you're making, on the [Ory Community Slack](https://slack.ory.sh) for more specific assistance.

Remember, the exact solution may depend on your specific Ory configuration and how you're implementing the passkey addition flow in your application.