Create Registration Flow for Browsers

GET {{baseUrl}}/self-service/registration/browser?return_to=<string>&login_challenge=<string>&after_verification_return_to=<string>&organization=<string>

This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows.

If this endpoint is opened as a link in the browser, it will be redirected to selfservice.flows.registration.ui_url with the flow ID set as the query parameter ?flow=. If a valid user session exists already, the browser will be redirected to urls.default_redirect_url.

If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an error, the error.id of the JSON response body can be one of:

- session_already_available: The user is already signed in.
- security_csrf_violation: Unable to fetch the flow because a CSRF violation occurred.
- security_identity_mismatch: The requested ?return_to address is not allowed to be used. Adjust this in the configuration!

If this endpoint is called via an AJAX request, the response contains the registration flow without a redirect.

This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
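The AJAX variant described above, as an added example that is not part of the Ory documentation or SDK: it builds the request from the documented query parameters, sends it with cookies enabled, and maps each documented error.id to a next step. The function names and the "next" labels are assumptions made for illustration.

```javascript
// Added example, not Ory's SDK. Function names and the "next" labels are assumptions.
const FLOW_PATH = '/self-service/registration/browser';
const QUERY_KEYS = ['return_to', 'login_challenge', 'after_verification_return_to', 'organization'];

// Example client policy for each error.id listed in the endpoint description.
const NEXT_STEP = {
  session_already_available: 'go_to_app',        // user is already signed in
  security_csrf_violation: 'restart_flow',       // fetch a fresh flow and cookies
  security_identity_mismatch: 'drop_return_to',  // return_to is not allowed by the configuration
};

function buildInitUrl(baseUrl, params = {}) {
  const url = new URL(baseUrl.replace(/\/+$/, '') + FLOW_PATH);
  for (const key of QUERY_KEYS) {
    if (params[key]) url.searchParams.set(key, params[key]); // skip unset values
  }
  return url.toString();
}

function nextStepForError(body) {
  const id = body && body.error && body.error.id;
  return { ok: false, errorId: id || null, next: NEXT_STEP[id] || 'show_generic_error' };
}

async function initRegistrationFlow(baseUrl, params, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(buildInitUrl(baseUrl, params), {
    method: 'GET',
    credentials: 'include',                  // send and accept the flow cookies
    headers: { Accept: 'application/json' }, // ask for the flow as JSON, not a redirect
  });
  const body = await res.json();
  if (!res.ok) return nextStepForError(body);
  // The rendered form is later submitted to ui.action using ui.method.
  return { ok: true, flowId: body.id, action: body.ui.action, method: body.ui.method };
}
```

The third argument exists so the function can be exercised with a stubbed fetch; in a browser it defaults to the global fetch.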

More information can be found at Ory Kratos User Login and User Registration Documentation.

Request Params

| Key | Datatype | Required | Description |
| --- | --- | --- | --- |
| return_to | string | | The URL to return the browser to after the flow was completed. |
| login_challenge | string | | Ory OAuth 2.0 Login Challenge. If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider. The value for this parameter comes from login_challenge URL Query parameter sent to your application (e.g. /registration?login_challenge=abcde). This feature is compatible with Ory Hydra when not running on the Ory Network. |
| after_verification_return_to | string | | The URL to return the browser to after the verification flow was completed. After the registration flow is completed, the user will be sent a verification email. Upon completing the verification flow, this URL will be used to override the default selfservice.flows.verification.after.default_redirect_to value. |
| organization | string | | |

HEADERS

| Key | Datatype | Required | Description |
| --- | --- | --- | --- |
| Accept | string | | |

RESPONSES

status: OK

{
  "id": "<uuid>",
  "type": "<string>",
  "expires_at": "<dateTime>",
  "issued_at": "<dateTime>",
  "request_url": "<string>",
  "ui": {
    "action": "<string>",
    "method": "<string>",
    "nodes": [
      {
        "type": "img",
        "group": "link",
        "attributes": {"name": "<string>", "type": "submit", "disabled": "<boolean>", "node_type": "img", "autocomplete": "new-password", "label": {"id": "<long>", "text": "<string>", "type": "info", "context": {}}, "onclick": "<string>", "onload": "<string>", "pattern": "<string>", "required": "<boolean>", "value": {"description": "The input's value.", "nullable": true}},
        "messages": [{"id": "<long>", "text": "<string>", "type": "error", "context": {}}, {"id": "<long>", "text": "<string>", "type": "error", "context": {}}],
        "meta": {"label": {"id": "<long>", "text": "<string>", "type": "info", "context": {}}}
      },
      {
        "type": "text",
        "group": "lookup_secret",
        "attributes": {"name": "<string>", "type": "button", "disabled": "<boolean>", "node_type": "img", "autocomplete": "url", "label": {"id": "<long>", "text": "<string>", "type": "error", "context": {}}, "onclick": "<string>", "onload": "<string>", "pattern": "<string>", "required": "<boolean>", "value": {"description": "The input's value.", "nullable": true}},
        "messages": [{"id": "<long>", "text": "<string>", "type": "error", "context": {}}, {"id": "<long>", "text": "<string>", "type": "info", "context": {}}],
        "meta": {"label": {"id": "<long>", "text": "<string>", "type": "error", "context": {}}}
      }
    ],
    "messages": [{"id": "<long>", "text": "<string>", "type": "success", "context": {}}, {"id": "<long>", "text": "<string>", "type": "success", "context": {}}]
  },
  "state": {"description": "State represents the state of this request:\n\nchoose_method: ask the user to choose a method (e.g. registration with email)\nsent_email: the email has been sent to the user\npassed_challenge: the request was successful and the registration challenge was passed."},
  "active": "totp",
  "oauth2_login_challenge": "<string>",
  "oauth2_login_request": {
    "challenge": "<string>",
    "client": {
      "access_token_strategy": "<string>",
      "allowed_cors_origins": ["<string>", "<string>"],
      "audience": ["<string>", "<string>"],
      "authorization_code_grant_access_token_lifespan": "<string>",
      "authorization_code_grant_id_token_lifespan": "<string>",
      "authorization_code_grant_refresh_token_lifespan": "<string>",
      "backchannel_logout_session_required": "<boolean>",
      "backchannel_logout_uri": "<string>",
      "client_credentials_grant_access_token_lifespan": "<string>",
      "client_id": "<string>",
      "client_name": "<string>",
      "client_secret": "<string>",
      "client_secret_expires_at": "<long>",
      "client_uri": "<string>",
      "contacts": ["<string>", "<string>"],
      "created_at": "<dateTime>",
      "frontchannel_logout_session_required": "<boolean>",
      "frontchannel_logout_uri": "<string>",
      "grant_types": ["<string>", "<string>"],
      "implicit_grant_access_token_lifespan": "<string>",
      "implicit_grant_id_token_lifespan": "<string>",
      "jwks": {"description": "OAuth 2.0 Client JSON Web Key Set  Client's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as the jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter is intended only to be used by Clients that, for some reason, are unable to use the jwks_uri parameter, for instance, by native applications that might not have a location to host the contents of the JWK Set. If a Client can use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation (which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks parameters MUST NOT be used together."},
      "jwks_uri": "<string>",
      "jwt_bearer_grant_access_token_lifespan": "<string>",
      "logo_uri": "<string>",
      "metadata": {},
      "owner": "<string>",
      "policy_uri": "<string>",
      "post_logout_redirect_uris": ["<string>", "<string>"],
      "redirect_uris": ["<string>", "<string>"],
      "refresh_token_grant_access_token_lifespan": "<string>",
      "refresh_token_grant_id_token_lifespan": "<string>",
      "refresh_token_grant_refresh_token_lifespan": "<string>",
      "registration_access_token": "<string>",
      "registration_client_uri": "<string>",
      "request_object_signing_alg": "<string>",
      "request_uris": ["<string>", "<string>"],
      "response_types": ["<string>", "<string>"],
      "scope": "<string>",
      "sector_identifier_uri": "<string>",
      "skip_consent": "<boolean>",
      "skip_logout_consent": "<boolean>",
      "subject_type": "<string>",
      "token_endpoint_auth_method": "<string>",
      "token_endpoint_auth_signing_alg": "<string>",
      "tos_uri": "<string>",
      "updated_at": "<dateTime>",
      "userinfo_signed_response_alg": "<string>"
    },
    "oidc_context": {"acr_values": ["<string>", "<string>"], "display": "<string>", "id_token_hint_claims": {"laboris_b9": {}}, "login_hint": "<string>", "ui_locales": ["<string>", "<string>"]},
    "request_url": "<string>",
    "requested_access_token_audience": ["<string>", "<string>"],
    "requested_scope": ["<string>", "<string>"],
    "session_id": "<string>",
    "skip": "<boolean>",
    "subject": "<string>"
  },
  "organization_id": "<string>",
  "return_to": "<string>",
  "session_token_exchange_code": "<string>",
  "transient_payload": {}
}