# talk-kratos


12/09/2021, 1:29 AM
if I remove that line, will it allow AJAX based authentication, and would I be causing any other issues by doing so? At least for now, I'm not concerned with CSRF attacks, just want to see ory work with a mobile app.


12/09/2021, 12:25 PM
I would say removing patching the code would make you run Kratos on your own: no updates, have to generate your own images, etc. I don't think it is the best approach.
Can u use the API flows? You can create identities, authenticate and do other stuff through REST API calls. Doesn't that work for you?
check the Init Login Flow for APIs


12/10/2021, 12:38 AM
so, I did remove the line of code throwing the error, and it worked
and I compiled kratos myself and go it running, and am now able to do a login from a flutter app.
but you're right, doing it via hacking kratos source is probably a bad route to go
so I'll try it from the api, which of the endpoints in the documentation is for submitting a username and password to get the session_token
that's what I need for this to work.
I did it the way I did because I was following the documentation here for getting a session_token:
which is what's necessary for a mobile client to become authenticated.
I think i see it, it's this one, let me try it out and I'll report back if it works or not -- don't like hacking up kratos.
I think maybe it's the same as what I'm doing but the only difference is in the port number...
So I found out that the issue is that flutter builds a web version of your, so you have to use the browser login to authenticate through kratos.