square-napkin-92357
05/27/2025, 6:21 AMkratos/self-service/settings/browser
having QR image and secret
, I can use Google authenticator to scan and see my identity username. After that I use
curl --request POST \
--url '{{host}}/kratos/self-service/login?flow=829dcb7c-1efb-447c-8248-7afd3395955e' \
--header 'content-type: application/json' \
--header 'cookie: {{loginFlowCookie}}' \
--cookie '{{loginFlowCookie}}' \
--data '{
"csrf_token": "{{loginFlowCsrf}}",
"method": "totp",
"totp_code": "708589"
}'
to login but I get error:
"messages": [
{
"id": 4010002,
"text": "Could not find a strategy to log you in with. Did you fill out the form correctly?",
"type": "error"
}
]
Do you have any idea to resolve? please help!
"username": {
"type": "string",
"format": "username",
"title": "User name",
"minLength": 8,
"maxLength": 50,
"pattern": "^[a-zA-Z0-9][a-zA-Z0-9@_.-]{7,49}$",
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
},
"totp": {
"account_name": true
}
}
}
}
selfservice:
default_browser_return_url: <http://127.0.0.1:4455/welcome>
allowed_return_urls:
- <http://127.0.0.1:4455>
methods:
password:
enabled: true
profile:
enabled: true
totp:
config:
issuer: ExampleIssuer.com
enabled: true
magnificent-energy-493
"method": "totp"
• "totp_code": "<the 6-digit code from your authenticator app>"
Optionally, for browser flows, you should also include the csrf_token
.
Your curl command seems correct in structure.
The error is most likely due to either an expired/invalid login flow, missing/incorrect fields, or using the wrong flow type. Double-check that you are using a valid, active login flow and that your request matches the expected structure for the TOTP method.square-napkin-92357
05/29/2025, 1:56 AM