Create Registration Flow for Native Apps
GET {{baseUrl}}/self-service/registration/api?return_session_token_exchange_code=<boolean>&return_to=<string>
This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.
If a valid session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter ?refresh=true is set.
To fetch an existing registration flow, call /self-service/registration/flows?flow=<flow_id>.
You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks.
In the case of an error, the error.id of the JSON response body can be one of:
session_already_available
: The user is already signed in.
security_csrf_violation
: Unable to fetch the flow because a CSRF violation occurred.
This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).
More information can be found at Ory Kratos User Login and User Registration Documentation.
Request Params
Key | Datatype | Required | Description |
---|---|---|---|
return_session_token_exchange_code | string | | EnableSessionTokenExchangeCode requests the login flow to include a code that can be used to retrieve the session token after the login flow has been completed. |
return_to | string | | The URL to return the browser to after the flow was completed. |
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Accept | string | | |
RESPONSES
status: OK
{"id":"\u003cuuid\u003e","type":"\u003cstring\u003e","expires_at":"\u003cdateTime\u003e","issued_at":"\u003cdateTime\u003e","request_url":"\u003cstring\u003e","ui":{"action":"\u003cstring\u003e","method":"\u003cstring\u003e","nodes":[{"type":"img","group":"link","attributes":{"name":"\u003cstring\u003e","type":"submit","disabled":"\u003cboolean\u003e","node_type":"img","autocomplete":"new-password","label":{"id":"\u003clong\u003e","text":"\u003cstring\u003e","type":"info","context":{}},"onclick":"\u003cstring\u003e","onload":"\u003cstring\u003e","pattern":"\u003cstring\u003e","required":"\u003cboolean\u003e","value":{"description":"The input's value.","nullable":true}},"messages":[{"id":"\u003clong\u003e","text":"\u003cstring\u003e","type":"error","context":{}},{"id":"\u003clong\u003e","text":"\u003cstring\u003e","type":"error","context":{}}],"meta":{"label":{"id":"\u003clong\u003e","text":"\u003cstring\u003e","type":"info","context":{}}}},{"type":"text","group":"lookup_secret","attributes":{"name":"\u003cstring\u003e","type":"button","disabled":"\u003cboolean\u003e","node_type":"img","autocomplete":"url","label":{"id":"\u003clong\u003e","text":"\u003cstring\u003e","type":"error","context":{}},"onclick":"\u003cstring\u003e","onload":"\u003cstring\u003e","pattern":"\u003cstring\u003e","required":"\u003cboolean\u003e","value":{"description":"The input's value.","nullable":true}},"messages":[{"id":"\u003clong\u003e","text":"\u003cstring\u003e","type":"error","context":{}},{"id":"\u003clong\u003e","text":"\u003cstring\u003e","type":"info","context":{}}],"meta":{"label":{"id":"\u003clong\u003e","text":"\u003cstring\u003e","type":"error","context":{}}}}],"messages":[{"id":"\u003clong\u003e","text":"\u003cstring\u003e","type":"success","context":{}},{"id":"\u003clong\u003e","text":"\u003cstring\u003e","type":"success","context":{}}]},"state":{"description":"State represents the state of this request:\n\nchoose_method: ask the user to choose a method (e.g. registration with email)\nsent_email: the email has been sent to the user\npassed_challenge: the request was successful and the registration challenge was passed."},"active":"totp","oauth2_login_challenge":"\u003cstring\u003e","oauth2_login_request":{"challenge":"\u003cstring\u003e","client":{"access_token_strategy":"\u003cstring\u003e","allowed_cors_origins":["\u003cstring\u003e","\u003cstring\u003e"],"audience":["\u003cstring\u003e","\u003cstring\u003e"],"authorization_code_grant_access_token_lifespan":"\u003cstring\u003e","authorization_code_grant_id_token_lifespan":"\u003cstring\u003e","authorization_code_grant_refresh_token_lifespan":"\u003cstring\u003e","backchannel_logout_session_required":"\u003cboolean\u003e","backchannel_logout_uri":"\u003cstring\u003e","client_credentials_grant_access_token_lifespan":"\u003cstring\u003e","client_id":"\u003cstring\u003e","client_name":"\u003cstring\u003e","client_secret":"\u003cstring\u003e","client_secret_expires_at":"\u003clong\u003e","client_uri":"\u003cstring\u003e","contacts":["\u003cstring\u003e","\u003cstring\u003e"],"created_at":"\u003cdateTime\u003e","frontchannel_logout_session_required":"\u003cboolean\u003e","frontchannel_logout_uri":"\u003cstring\u003e","grant_types":["\u003cstring\u003e","\u003cstring\u003e"],"implicit_grant_access_token_lifespan":"\u003cstring\u003e","implicit_grant_id_token_lifespan":"\u003cstring\u003e","jwks":{"description":"OAuth 2.0 Client JSON Web Key Set Client's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as the jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter is intended only to be used by Clients that, for some reason, are unable to use the jwks_uri parameter, for instance, by native applications that might not have a location to host the contents of the JWK Set. If a Client can use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation (which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks parameters MUST NOT be used together."},"jwks_uri":"\u003cstring\u003e","jwt_bearer_grant_access_token_lifespan":"\u003cstring\u003e","logo_uri":"\u003cstring\u003e","metadata":{},"owner":"\u003cstring\u003e","policy_uri":"\u003cstring\u003e","post_logout_redirect_uris":["\u003cstring\u003e","\u003cstring\u003e"],"redirect_uris":["\u003cstring\u003e","\u003cstring\u003e"],"refresh_token_grant_access_token_lifespan":"\u003cstring\u003e","refresh_token_grant_id_token_lifespan":"\u003cstring\u003e","refresh_token_grant_refresh_token_lifespan":"\u003cstring\u003e","registration_access_token":"\u003cstring\u003e","registration_client_uri":"\u003cstring\u003e","request_object_signing_alg":"\u003cstring\u003e","request_uris":["\u003cstring\u003e","\u003cstring\u003e"],"response_types":["\u003cstring\u003e","\u003cstring\u003e"],"scope":"\u003cstring\u003e","sector_identifier_uri":"\u003cstring\u003e","skip_consent":"\u003cboolean\u003e","skip_logout_consent":"\u003cboolean\u003e","subject_type":"\u003cstring\u003e","token_endpoint_auth_method":"\u003cstring\u003e","token_endpoint_auth_signing_alg":"\u003cstring\u003e","tos_uri":"\u003cstring\u003e","updated_at":"\u003cdateTime\u003e","userinfo_signed_response_alg":"\u003cstring\u003e"},"oidc_context":{"acr_values":["\u003cstring\u003e","\u003cstring\u003e"],"display":"\u003cstring\u003e","id_token_hint_claims":{"laboris_b9":{}},"login_hint":"\u003cstring\u003e","ui_locales":["\u003cstring\u003e","\u003cstring\u003e"]},"request_url":"\u003cstring\u003e","requested_access_token_audience":["\u003cstring\u003e","\u003cstring\u003e"],"requested_scope":["\u003cstring\u003e","\u003cstring\u003e"],"session_id":"\u003cstring\u003e","skip":"\u003cboolean\u003e","subject":"\u003cstring\u003e"},"organization_id":"\u003cstring\u003e","return_to":"\u003cstring\u003e","session_token_exchange_code":"\u003cstring\u003e","transient_payload":{}}