initializeSelfServiceLoginFlowWithoutBrowser method
Initialize Login Flow for APIs, Services, Apps, ...

This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.

If a valid session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set.

To fetch an existing login flow, call `/self-service/login/flows?flow=<flow_id>`.

You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks, including CSRF login attacks.

In the case of an error, the `error.id` of the JSON response body can be one of:

- `session_already_available`: The user is already signed in.
- `session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.
- `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.

This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).

More information can be found at Ory Kratos User Login and User Registration Documentation.
Parameters:
- `refresh` - Refresh a login session. If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session.
- `aal` - Request a Specific AuthenticationMethod Assurance Level. Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity signs in using e.g. username+password, the AAL is 1. If you wish to "upgrade" the session's security by asking the user to perform TOTP / WebAuth / ... you would set this to "aal2".
- `xSessionToken` - The Session Token of the Identity performing the settings flow.
- `cancelToken` - A CancelToken that can be used to cancel the operation
- `headers` - Can be used to add additional headers to the request
- `extras` - Can be used to add flags to the request
- `validateStatus` - A ValidateStatus callback that can be used to determine request success based on the HTTP status of the response
- `onSendProgress` - A ProgressCallback that can be used to get the send progress
- `onReceiveProgress` - A ProgressCallback that can be used to get the receive progress

Returns a Future containing a Response with a SelfServiceLoginFlow as data

Throws DioError if API call or serialization fails
Implementation
```dart
Future<Response<SelfServiceLoginFlow>> initializeSelfServiceLoginFlowWithoutBrowser({
  bool? refresh,
  String? aal,
  String? xSessionToken,
  CancelToken? cancelToken,
  Map<String, dynamic>? headers,
  Map<String, dynamic>? extra,
  ValidateStatus? validateStatus,
  ProgressCallback? onSendProgress,
  ProgressCallback? onReceiveProgress,
}) async {
  final _path = r'/self-service/login/api';
  final _options = Options(
    method: r'GET',
    headers: <String, dynamic>{
      // The session token, when given, travels as a request header.
      if (xSessionToken != null) r'X-Session-Token': xSessionToken,
      // Caller-supplied headers are spread last, so they can override it.
      ...?headers,
    },
    extra: <String, dynamic>{
      // Empty list: no auth scheme is declared for this operation.
      'secure': <Map<String, String>>[],
      ...?extra,
    },
    validateStatus: validateStatus,
  );

  // Only query parameters the caller actually set are sent.
  final _queryParameters = <String, dynamic>{
    if (refresh != null) r'refresh': encodeQueryParameter(_serializers, refresh, const FullType(bool)),
    if (aal != null) r'aal': encodeQueryParameter(_serializers, aal, const FullType(String)),
  };

  final _response = await _dio.request<Object>(
    _path,
    options: _options,
    queryParameters: _queryParameters,
    cancelToken: cancelToken,
    onSendProgress: onSendProgress,
    onReceiveProgress: onReceiveProgress,
  );

  SelfServiceLoginFlow _responseData;

  try {
    const _responseType = FullType(SelfServiceLoginFlow);
    _responseData = _serializers.deserialize(
      _response.data!,
      specifiedType: _responseType,
    ) as SelfServiceLoginFlow;
  } catch (error, stackTrace) {
    // Deserialization failures are rethrown as DioError, keeping the stack trace.
    throw DioError(
      requestOptions: _response.requestOptions,
      response: _response,
      type: DioErrorType.other,
      error: error,
    )..stackTrace = stackTrace;
  }

  return Response<SelfServiceLoginFlow>(
    data: _responseData,
    headers: _response.headers,
    isRedirect: _response.isRedirect,
    requestOptions: _response.requestOptions,
    redirects: _response.redirects,
    statusCode: _response.statusCode,
    statusMessage: _response.statusMessage,
    extra: _response.extra,
  );
}
```
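
Handling the `error.id` values listed in the description, as an added example that is not part of the generated client or Ory's own code. The `NextStep` enum, `errorId`, `nextStep` and the `needFreshAuth` flag are hypothetical names, the sample bodies are constructed, and the mapping from error id to action is an assumed app policy.

```dart
import 'dart:convert';

/// What a native client does next after flow initialization fails.
enum NextStep { reuseSession, retryWithRefresh, retryAtAal1, abort }

/// Pulls `error.id` out of an error body that may arrive as a decoded Map
/// or as a raw JSON string; returns null when it is absent or malformed.
String? errorId(Object? body) {
  Object? decoded = body;
  if (body is String) {
    try {
      decoded = jsonDecode(body);
    } on FormatException {
      return null;
    }
  }
  if (decoded is! Map) return null;
  final error = decoded['error'];
  if (error is! Map) return null;
  final id = error['id'];
  return id is String ? id : null;
}

/// Maps the documented error ids to a next step (assumed app policy).
NextStep nextStep(Object? body, {bool needFreshAuth = false}) {
  switch (errorId(body)) {
    case 'session_already_available':
      // Already signed in: re-call with refresh: true only when the app
      // needs the user to authenticate again.
      return needFreshAuth ? NextStep.retryWithRefresh : NextStep.reuseSession;
    case 'session_aal1_required':
      // aal2 was requested without a session: do a first-factor login first.
      return NextStep.retryAtAal1;
    default:
      // security_csrf_violation, unknown ids and unparseable bodies.
      return NextStep.abort;
  }
}

void main() {
  // Constructed sample bodies, not captured from a real server.
  const already = '{"error":{"id":"session_already_available"}}';
  final aal1 = {'error': {'id': 'session_aal1_required'}};
  print(nextStep(already)); // body as raw JSON string
  print(nextStep(already, needFreshAuth: true));
  print(nextStep(aal1)); // body as decoded Map
  print(nextStep('<html>502</html>')); // body is not JSON
}
```

In a `DioError` handler, pass `e.response?.data` to `nextStep`.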