Hello @miran248
Not using the right one will lead to security problems;
I would strongly discourage that unless you really know what you are doing. You can of course also implement your own thing; we give you the tools for that and so on. You write "browser api [...] makes too many assumptions" - can you share a bit what those are and what prevents you from using the browser API here?
-
Hey,
I made a poc using SimpleWebAuthn and Remix
I then called the `/self-service/registration` (`updateRegistrationFlow`) the same way you do in your example (`/.well-known/ory/webauthn.js`), only to receive the `Could not find a strategy to sign you up with. Did you fill out the form correctly?`..
I can't and don't want to use the browser api as it makes too many assumptions.
I maintain my own session cookie and csrf and don't want any public redirect / callback urls - and that's all browser api does, it seems.
I'd also like to keep kratos off of the internet.
Also, is it possible to do the oidc (social) without the redirects?
Currently I proxy the callback and then handle the response here, and because I don't have the dedicated failure route, it would be great if there was an api, which would return the `session_token_exchange_code` or a session directly.
Also, what's the diff between `/self-service/registration` or `/self-service/login` when using oidc strategy? They both do the same thing, when using `session` hook
Thanks and take care!
Miran