# general
m
This message was deleted.
p
Hi @wonderful-plastic-55872 Could you provide a code snippet of how you are calling these apis?
s
I think you have to send both cookies, CSRF and session
👍 2
w
```go
// SubmitSettingsFlowWrapper submits the password method of a settings flow.
// The CSRF token goes into the request body; cookie is sent as the Cookie header.
func SubmitSettingsFlowWrapper(cookie string, flowID string, csrfToken string, pass string) (string, error) {
	submitDataBody := client.SubmitSelfServiceSettingsFlowBody{
		SubmitSelfServiceSettingsFlowWithPasswordMethodBody: client.NewSubmitSelfServiceSettingsFlowWithPasswordMethodBody("password", pass),
	}

	submitDataBody.SubmitSelfServiceSettingsFlowWithPasswordMethodBody.SetCsrfToken(csrfToken)

	apiClient := client.NewAPIClient(config.KratosClientConfig)
	_, r, err := apiClient.V0alpha2Api.SubmitSelfServiceSettingsFlow(context.Background()).Flow(flowID).SubmitSelfServiceSettingsFlowBody(submitDataBody).Cookie(cookie).Execute()

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceSettingsFlow`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
		return "", err
	}

	return "", nil
}
```
Here in the cookie, I have tried sending the CSRF token cookie as well as the Ory session cookie I received from the login and settings flow; however, this gives an authorization error.
Also, I tried sending the Ory session cookie in XSession and the settings flow CSRF in Cookie, still 401.
```
{{"error":{"code":401,"status":"Unauthorized","reason":"A valid Ory Session Cookie or Ory Session Token is missing.","message":"The request could not be authorized"}}                       } 166 [] false false map[] 0xc000414e00 <nil>}
```
Now I am sending also the session cookie as well as the csrf token
```go
// SubmitSettingsFlowWrapper submits the password method of a settings flow.
// session is sent as the X-Session-Token header, cookie as the Cookie header,
// and the CSRF token goes into the request body.
func SubmitSettingsFlowWrapper(cookie string, session string, flowID string, csrfToken string, pass string) (string, error) {
	submitDataBody := client.SubmitSelfServiceSettingsFlowBody{
		SubmitSelfServiceSettingsFlowWithPasswordMethodBody: client.NewSubmitSelfServiceSettingsFlowWithPasswordMethodBody("password", pass),
	}

	submitDataBody.SubmitSelfServiceSettingsFlowWithPasswordMethodBody.SetCsrfToken(csrfToken)

	apiClient := client.NewAPIClient(config.KratosClientConfig)
	_, r, err := apiClient.V0alpha2Api.SubmitSelfServiceSettingsFlow(context.Background()).Flow(flowID).SubmitSelfServiceSettingsFlowBody(submitDataBody).XSessionToken(session).Cookie(cookie).Execute()

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `V0alpha2Api.SubmitSelfServiceSettingsFlow`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
		return "", err
	}

	return "", nil
}
```
s
is this a server-side rendered UI? why do you submit the flow in the backend instead of using the api directly in the front-end?
where do `cookie, session, csrfToken` come from?
w
`session` is the ory_kratos_session obtained after the user is logged in using SelfServiceLoginFlow. `cookie`, `flowid` and `csrf token` are obtained from InitializeSelfServiceSettingsFlow. Also, I am writing a wrapper for Kratos to integrate our application.
@steep-lamp-91158 can you help with this please
s
I can't really help because I am missing too much context. Can you maybe print the request before that function incl. all (obfuscated/truncated) headers, and also the whole flow?