Hello everybody As it seems, social logins cannot be used with API clients like React Native, yet. Is there a workaround to make social logins available via the web view? Do I understand it correctly, that the browser API cannot be used, as Kratos hands out the session token as a HTTP Only cookie, which cannot be "fished" out of the web view? I've also seen https://github.com/ory/kratos/pull/2346 In the documentation I've seen the warning (screenshot), but the issue mentioned was solved recently. What is the next logical step forward, if we want to have social logins on our API clients? Thank you.

I think there is some options you have with webview, at least I have seen people make it work in the past. Depending on how fast you need it it might be better to wait for the official release, since we are going to tackle this soon most likely.

Hi @magnificent-energy-493 We have implemented a solution: https://github.com/openscript-ch/ory-kratos-session-catcher It is not completely bullet proof (security wise) there are possibilities to intercept the session by VPN providers on Android devices. For our use case it is okay, but we plan to figure out something similar to PKCE for transferring the session.

Hey @cuddly-plastic-72839 Thanks for sharing! We also have a “proper” implementation on the roadmap, I will see to get back to you when I know more!

Hi @magnificent-energy-493 We also had to create another service https://github.com/openscript-ch/ory-kratos-oauth2-redirector, as the webviews don't permit to do OAuth2 anymore: https://developers.googleblog.com/2021/06/upcoming-security-changes-to-googles-oauth-2.0-authorization-endpoint.html The solution is already in production for a few days now and handled the first 1k of logins/sign ups. 🙂