if I remove that line, will it allow AJAX based au...
# talk-kratos
if I remove that line, will it allow AJAX based authentication, and would I be causing any other issues by doing so? At least for now, I'm not concerned with CSRF attacks, just want to see ory work with a mobile app.
I would say removing patching the code would make you run Kratos on your own: no updates, have to generate your own images, etc. I don't think it is the best approach.
Can u use the API flows? You can create identities, authenticate and do other stuff through REST API calls. Doesn't that work for you?
check the Init Login Flow for APIs
so, I did remove the line of code throwing the error, and it worked
and I compiled kratos myself and go it running, and am now able to do a login from a flutter app.
but you're right, doing it via hacking kratos source is probably a bad route to go
so I'll try it from the api, which of the endpoints in the documentation is for submitting a username and password to get the session_token
that's what I need for this to work.
I did it the way I did because I was following the documentation here for getting a session_token: https://www.ory.sh/kratos/docs/self-service/flows/user-login#api-clients
which is what's necessary for a mobile client to become authenticated.
I think i see it, it's this one, let me try it out and I'll report back if it works or not -- don't like hacking up kratos.
I think maybe it's the same as what I'm doing but the only difference is in the port number...
So I found out that the issue is that flutter builds a web version of your, so you have to use the browser login to authenticate through kratos.