square-napkin-92357
06/03/2025, 1:58 AM
curl --request GET \
  --url 'http://127.0.0.1:4455/kratos/self-service/login/browser?aal=aal2&refresh=true' \
  --header 'accept: application/json' \
  --header 'cookie: {{oryKratosSession}}' \
  --cookie '{{oryKratosSession}}'
"messages": [
  {
    "id": 1010003,
    "text": "Please confirm this action by verifying that it is you.",
    "type": "info"
  },
  {
    "id": 1010004,
    "text": "Please complete the second authentication challenge.",
    "type": "info"
  }
]
"Please confirm this action by verifying that it is you.". Please take a look and help me, thanks all!
magnificent-energy-493
aal=aal2&refresh=true, Ory Kratos is requiring you to perform step-up authentication (2FA) for your session. The messages you see indicate that you need to complete the second factor authentication step to upgrade your session to AAL2.
This is expected behavior when strict MFA is enforced or when you explicitly request step-up authentication with aal=aal2 and refresh=true (see docs).
The response to your GET request should include a ui object with nodes. These nodes represent the form fields you need to complete. For email 2FA, you should see an input for the one-time code sent to your email.
You can then submit the code in the frontend or call the API:
curl -X POST \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -b cookies.txt \
  -d '{"method":"code","code":"<your-2fa-code>","csrf_token":"<csrf-token>"}' \
  "http://127.0.0.1:4455/kratos/self-service/login?flow=<flow-id>"
square-napkin-92357
06/04/2025, 2:25 AM
refresh=true, just use only aal=aal2 and I do not see "Please confirm this action by verifying that it is you." again