Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello, I am working on a POC for switching from Auth0 to Ory Kratos. I have email/password with social auth, account recovery, and email verification pages all displaying properly. I am now working on TOTP. I am having an issue, where calling `/self-service/login/browser` with `aal=aal2` returns a flow with missing nodes. (Just crsf_token input node is returned along with populated messages array)

My set up is as follows. I cloned the Kratos repo and then started the docker using `docker-compose -f quickstart.yml -f quickstart-standalone.yml up --build --force-recreate` From there I have been modifying the kratos.yml file as needed. I’m using a React SPA application along with the NPM packages.

After logging in, and a successful session has started, I want to prompt the user with the MFA (TOTP) screen. I added

``` methods:
  totp:
   config:
    issuer: <http://CloudTruth.com|CloudTruth.com>
   enabled: true```
To the Kratos yml file. And

```  "totp":{ "account_name": true }```
To the identity schema.

This is happening when I call
`GET <http://localhost:4433/self-service/login/browser?aal=aal2>`


I attached a screen shot of the return from this call below &amp; the result in the UI.

Solved. A user has to link totp in settings before it works in login.