# talk-kratos
f
@User I am testing the webauthn 2FA stuff right now and I've noticed a strange behavior - when I remove the security key in settings, log out and try to log in again, the flow response lacks the whole "webauthn" group - there's just the csrf_token and a message to use the security key. So the user is basically locked out of logging in. Is this a bug or did I just mess something up?
{
  "id": "e8fa25e4-e363-40bd-ba2e-dbcfa74b30e9",
  "type": "browser",
  "expires_at": "2022-02-14T13:26:53.528845Z",
  "issued_at": "2022-02-14T12:55:53.528845Z",
  "request_url": "http://localhost:4433/self-service/login/browser?aal=aal2",
  "ui": {
    "action": "http://localhost:4433/self-service/login?flow=e8fa25e4-e363-40bd-ba2e-dbcfa74b30e9",
    "method": "POST",
    "nodes": [
      {
        "type": "input",
        "group": "default",
        "attributes": {
          "name": "csrf_token",
          "type": "hidden",
          "value": "wC7XlHivQTZZcv80jRNAMO4mkOONWQnoWZm98WUe1vI7+h592/pDmt1/p3Ra3lkZ6YP8BwboDZULW/+F79xn3g==",
          "required": true,
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {}
      }
    ],
    "messages": [
      {
        "id": 1010004,
        "text": "Please complete the second authentication challenge.",
        "type": "info",
        "context": {}
      }
    ]
  },
  "created_at": "2022-02-14T12:55:53.537337Z",
  "updated_at": "2022-02-14T12:55:53.537337Z",
  "refresh": false,
  "requested_aal": "aal2"
}
EDIT: apparently, this is already fixed in master, but not released yet 🎉: https://github.com/ory/kratos/issues/2225#issuecomment-1039433142
h
Hey, appreciate your questions but please don’t ping me for every one 🙂 There are also others that can help!
f
Sorry 🙈