To implement user registration using phone numbers as identifiers and passkey login without passwords in Ory Kratos, you'll need to configure your identity schema and enable the passkey strategy. Here's how you can achieve this: 1. Configure the identity schema: You'll need to set up your identity schema to use phone numbers as the primary identifier. Here's an example of how your schema could look:

json {   "$id": "<https://example.com/registration.schema.json>",   "$schema": "<http://json-schema.org/draft-07/schema#>",   "title": "Person",   "type": "object",   "properties": {     "traits": {       "type": "object",       "properties": {         "phone": {           "type": "string",           "format": "tel",           "<http://ory.sh/kratos|ory.sh/kratos>": {             "credentials": {               "passkey": {                 "display_name": true               }             },             "verification": {               "via": "sms"             }           }         }       }     }   } }

This schema sets up the phone number as the primary identifier and configures it to be used with the passkey strategy. It also enables verification via SMS. 2. Enable the passkey strategy: You'll need to enable the passkey strategy in your Kratos configuration. If you're using Ory Network, you can do this through the Ory Console. Alternatively, you can use the Ory CLI or modify your configuration file directly. Using the Ory CLI:

ory patch identity-config <your-project-id> \    --add '/selfservice/methods/passkey/enabled=true' \    --add '/selfservice/methods/passkey/config/rp/display_name="My Display Name"'

Or in your `config.yml`:

yaml    selfservice:      methods:        passkey:          enabled: true          config:            rp:              display_name: Your Application name              id: localhost              origins:                - <http://localhost:4455>

3. Disable other authentication methods: Make sure to disable other authentication methods like password-based login in your Kratos configuration. By implementing these steps, you'll have a setup where users can register using their phone numbers and authenticate using passkeys without passwords. Remember to implement proper phone number verification to ensure the security of your application. You may also want to consider implementing a fallback authentication method or account recovery process in case users lose access to their passkeys. For more detailed information, you can refer to the following Ory documentation: - [Passkeys & WebAuthN](https://www.ory.sh/docs/kratos/passwordless/passkeys) - [Customize identity schemas](https://www.ory.sh/docs/kratos/manage-identities/customize-identity-schema#phone-number-and-password)

@chilly-king-10285 My identity schema

{
  "$schema": "<http://json-schema.org/draft-07/schema#>",
  "title": "User",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "phone_number": {
          "type": "string",
          "title": "Phone Number",
          "format": "tel",
          "minLength": 10,
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "credentials": {
              "passkey": {
                "display_name": true
              }
            }
          }
        },
        "first_name": {
          "type": "string",
          "title": "First Name"
        },
        "last_name": {
          "type": "string",
          "title": "Last Name"
        },
        "verified": {
          "type": "boolean",
          "title": "Verified",
          "default": false
        }
      },
      "required": [
        "phone_number"
      ],
      "additionalProperties": false
    }
  }
}

Your identity schema looks good for using phone numbers as the primary identifier and enabling passkey authentication. However, there are a couple of improvements we can make to ensure proper functionality and security: 1. Phone number verification: To enable phone number verification via SMS, you should add the

verification

field to the

<http://ory.sh/kratos|ory.sh/kratos>

object for the

phone_number

property. Here's how you can modify it:

json "phone_number": {   "type": "string",   "title": "Phone Number",   "format": "tel",   "minLength": 10,   "<http://ory.sh/kratos|ory.sh/kratos>": {     "credentials": {       "passkey": {         "display_name": true       }     },     "verification": {       "via": "sms"     }   } }

This change allows Ory Kratos to send verification codes via SMS to the user's phone number. 2. Remove the

verified

field: The

verified

field in your schema is not necessary. Ory Kratos handles the verification status internally, so you don't need to manage it manually in the identity schema. Here's the updated and improved version of your identity schema:

json {   "$schema": "<http://json-schema.org/draft-07/schema#>",   "title": "User",   "type": "object",   "properties": {     "traits": {       "type": "object",       "properties": {         "phone_number": {           "type": "string",           "title": "Phone Number",           "format": "tel",           "minLength": 10,           "<http://ory.sh/kratos|ory.sh/kratos>": {             "credentials": {               "passkey": {                 "display_name": true               }             },             "verification": {               "via": "sms"             }           }         },         "first_name": {           "type": "string",           "title": "First Name"         },         "last_name": {           "type": "string",           "title": "Last Name"         }       },       "required": ["phone_number"],       "additionalProperties": false     }   } }

With these changes, your identity schema is now set up to use phone numbers as the primary identifier, enable passkey authentication, and allow for phone number verification via SMS. Remember to also configure your Ory Kratos instance to enable the passkey strategy and disable other authentication methods, as mentioned in the previous answer. For more information on customizing identity schemas and implementing phone number verification, you can refer to the [Ory Kratos documentation on customizing identity schemas](https://www.ory.sh/docs/kratos/manage-identities/customize-identity-schema#phone-number).

Sorry @high-fountain-56565, I seem to be having a bit of trouble. Don't worry though, I've pinged my support folks and they will try to fix me up! 🧑‍💻 Perhaps try again in 5mins?

Based on the error message you've provided, it seems that Ory Kratos is unable to find a suitable strategy to sign up the user. This error is likely occurring because the configuration for registration methods doesn't match the identity schema or the enabled strategies in your Kratos configuration. Let's break down the possible reasons and solutions: 1. Missing or incorrect registration strategy: The error message suggests that Kratos couldn't find a strategy to sign up with. This could be because the passkey (WebAuthn) strategy is not enabled in your configuration. To resolve this, ensure that you have enabled the passkey strategy in your Kratos configuration. You can do this by adding the following to your

kratos.yml

file:

yaml    selfservice:      methods:        passkey:          enabled: true          config:            rp:              display_name: Your Application Name              id: <http://your-domain.com|your-domain.com>              origins:                - <https://your-domain.com>

Make sure to replace

Your Application Name

and

<http://your-domain.com|your-domain.com>

with your actual application details. 2. Mismatch between identity schema and enabled strategies: Your identity schema is set up to use passkeys, but the error message indicates that WebAuthn is disabled (

webauthn:map[enabled:false]

). This mismatch could be causing the issue. Ensure that your identity schema matches the enabled strategies in your Kratos configuration. If you're using passkeys, make sure the WebAuthn/passkey strategy is enabled as shown in point 1. 3. External phone verification: Since you mentioned that you're doing phone verification outside of Ory, make sure that your identity schema doesn't include the

verification

field for the phone number. This could potentially cause conflicts with Kratos' internal verification process. 4. Check other registration methods: If you've disabled all other registration methods (like password), make sure you haven't accidentally left any references to them in your configuration or identity schema. To get more detailed information about the error, you can increase the log level in your Kratos configuration:

yaml log:   level: debug   format: json

This will provide more verbose logs that might give you additional insights into why the registration is failing. If you continue to face issues after making these changes, you may want to review your entire Kratos configuration and identity schema to ensure they are correctly set up for passkey-only registration with external phone verification. For more information on configuring registration flows and troubleshooting, you can refer to the [Ory Kratos documentation on registration flows](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).