Good day Team - I'm using cloud. AND the client is intended to be mobile app therefore I'm using the Insomnia.rest... Which maybe acting as a Browser... @magnificent-energy-493 Thank you! I'll try the

/browser

endpoint.

Hello @wooden-monitor-66999 you are right Insomnia is a browser under the hood. So that is probably the cause of the error. Can you please use something like cUrl for the register&login and see if it works then? 🙏

GM - been away for couple of days. Just checked via curl using

/api

and am still getting the same error:

curl --request GET \
  --url 'https://<slug>.<http://oryapis.com/self-service/login/api?aal=aal2|oryapis.com/self-service/login/api?aal=aal2>'
{"error":{"id":"session_aal1_required","code":401,"status":"Unauthorized","request":"fe60d9cf-d479-956c-8bac-272c1e66fa37","reason":"You can not requested a higher AAL (AAL2/AAL3) without an active session.","message":"aal2 and aal3 can only be requested if a session exists already"}}

Hi @wooden-monitor-66999 Yes you need the user to have already logged in when you are doing 2FA. 1. Log in with credentials 2. Check session with

/whoami

3. When

/whoami

returns an error, invoke login again with

aal2

4. Submit 2FA

Thank you @proud-plumber-24205 - how can I help updating the docs with these steps?

I believe @wonderful-lamp-2357 could assist you with this. He is on holiday atm but can help you next week 🙂