Hi, I joined Slack to see if somebody else has ever tried to integrate Kratos with Ionic/Capacitor. Since Ionic apps are basically SPAs but rendered in a webview within a native context, I’m not sure if I should use cookies (browser approach) or tokens (native app approach) to handle self-service flows.
Here’s the paradox I am not able to solve:
1. I cannot use browser flows since my app is always served locally (http://localhost on Android, capacitor://localhost on iOS) and so will not be able to share cookies with Ory, no matter where it is hosted.
2. I cannot use API flows because the Ory client prevents me from using them in a browser-like context, to avoid CSRF vulnerabilities.
About 1., I think that’s impossible to achieve. About 2., maybe sending native HTTP requests would solve the issue, but I don’t know if that’s the right approach honestly…