initializeSelfServiceSettingsFlowWithoutBrowser method
Initialize Settings Flow for APIs, Services, Apps, ... This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=<flow_id>`. You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user to sign in with the second factor or change the configuration. In the case of an error, the `error.id` of the JSON response body can be one of: `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `session_inactive`: No Ory Session was found - sign in a user first. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at Ory Kratos User Settings & Profile Management Documentation.
Parameters:
xSessionToken- The Session Token of the Identity performing the settings flow.cancelToken- ACancelTokenthat can be used to cancel the operationheaders- Can be used to add additional headers to the requestextras- Can be used to add flags to the requestvalidateStatus- AValidateStatuscallback that can be used to determine request success based on the HTTP status of the responseonSendProgress- AProgressCallbackthat can be used to get the send progressonReceiveProgress- AProgressCallbackthat can be used to get the receive progress
Returns a Future containing a Response with a SelfServiceSettingsFlow as data
Throws DioError if API call or serialization fails
Implementation
Future<Response<SelfServiceSettingsFlow>> initializeSelfServiceSettingsFlowWithoutBrowser({
String? xSessionToken,
CancelToken? cancelToken,
Map<String, dynamic>? headers,
Map<String, dynamic>? extra,
ValidateStatus? validateStatus,
ProgressCallback? onSendProgress,
ProgressCallback? onReceiveProgress,
}) async {
final _path = r'/self-service/settings/api';
final _options = Options(
method: r'GET',
headers: <String, dynamic>{
if (xSessionToken != null) r'X-Session-Token': xSessionToken,
...?headers,
},
extra: <String, dynamic>{
'secure': <Map<String, String>>[],
...?extra,
},
validateStatus: validateStatus,
);
final _response = await _dio.request<Object>(
_path,
options: _options,
cancelToken: cancelToken,
onSendProgress: onSendProgress,
onReceiveProgress: onReceiveProgress,
);
SelfServiceSettingsFlow _responseData;
try {
const _responseType = FullType(SelfServiceSettingsFlow);
_responseData = _serializers.deserialize(
_response.data!,
specifiedType: _responseType,
) as SelfServiceSettingsFlow;
} catch (error, stackTrace) {
throw DioError(
requestOptions: _response.requestOptions,
response: _response,
type: DioErrorType.other,
error: error,
)..stackTrace = stackTrace;
}
return Response<SelfServiceSettingsFlow>(
data: _responseData,
headers: _response.headers,
isRedirect: _response.isRedirect,
requestOptions: _response.requestOptions,
redirects: _response.redirects,
statusCode: _response.statusCode,
statusMessage: _response.statusMessage,
extra: _response.extra,
);
}