Hello everyone, Is there anyone whose used sendgrid with ory kratos? If someone is used so please provide the solution its needfull for me.

Hello everyone, I've deployed Kratos in the same namespace as my PostgreSQL in k8s. While it can establish a connection, the issue is that when the Kratos pod starts, it doesn't automatically create the identity database. Here is kratos log and postgres logs

Starting PostgreSQL **
2023-12-07 14:56:37.602 GMT [1] LOG: pgaudit extension initialized
2023-12-07 14:56:37.610 GMT [1] LOG: starting PostgreSQL 14.4 on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2023-12-07 14:56:37.610 GMT [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
2023-12-07 14:56:37.610 GMT [1] LOG: listening on IPv6 address "::", port 5432
2023-12-07 14:56:37.619 GMT [1] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
2023-12-07 14:56:37.625 GMT [131] LOG: database system was shut down at 2023-12-07 14:56:37 GMT
2023-12-07 14:56:37.634 GMT [1] LOG: database system is ready to accept connections
2023-12-07 14:56:46.323 GMT [145] FATAL: database "identity" does not exist
2023-12-07 14:56:46.556 GMT [146] FATAL: database "identity" does not exist
2023-12-07 14:56:55.601 GMT [154] FATAL: database "identity" does not exist
2023-12-07 14:56:56.104 GMT [155] FATAL: database "identity" does not exist
2023-12-07 14:57:17.114 GMT [184] FATAL: database "identity" does not exist

Kratos logs:

kubectl logs kratos-86f7b57998-fxwwx -c kratos-automigrate -n auth-default  

time=2023-12-07T15:06:57Z level=info msg=No tracer configured - skipping tracing setup audience=application service_name=Ory Kratos service_version=v1.0.0
time=2023-12-07T15:06:57Z level=debug msg=Connecting to SQL Database audience=application connMaxLifetime=0s idlePool=2 pool=4 service_name=Ory Kratos service_version=v1.0.0
time=2023-12-07T15:06:58Z level=warning msg=Unable to ping database, retrying. audience=application error=map[message:failed to connect to `host=postgres user=postgres database=identity`: server error (FATAL: database "identity" does not exist (SQLSTATE 3D000)) stack_trace:
<http://github.com/ory/kratos/persistence/sql.(*Persister).Ping|github.com/ory/kratos/persistence/sql.(*Persister).Ping>

Does anyone know if all

before

hooks return 500?

I am getting the following error when trying to submit an existing flow with valid credentials:

Expected WebAuthN in internal context to be an object

Details in thread

I am building out a custom UI for registration and need to handle two flows, a migration from an old identity system and an invitation only registration flow. For both flows, when navigating to my login url, I pass query parameters to the route. However, when submitting data to Kratos using the form post, if an error occurs, kratos redirects back to my registration route with only the flow query param. Is it possible to configure Kratos to pass the same query back, pass the custom input fields back, or something else to save the state of these additional fields? Should I be putting them on my identity model? I wouldn’t think so since they are irelevent after registration.

Cross-posting from another channel - any advice is appreciated! https://ory-community.slack.com/archives/C02PSRUGUAV/p1701726409792399

Hi all, is there any testing emails that we can use for development and testing (like testing Visa and MasterCard for Stripe)? It is difficult to work on registration/verification workflows, and restart whole database when use all my emails when work on app. Thank you in advance :)

I am trying to implement an email recovery in my browser app using the one-time-token, but I cannot seem to get the last step to work. I create a Recovery flow and then update it using the email, provided by the user. This leads to the email, being sent with the code and then I try to update the flow again, this time with the code instead of the email. However, I receive an 422 error 'In order to complete this flow please redirect the browser to: /reset-password?flow=646b01c7-3460-4de2-9745-4096193e0983'. /reset-password is the "settings" url I have setup in the Ory console, but the url in the error also contains a specific settings flow id and I don't understand where it comes from. I have not been able to locate in anywhere in the response from the first recovery flow update nor the recovery flow itself. Any help would be greatly appreciated.

I am trying to set a tunnel for my kratos project following this instructions. My application is running on port 8081 and I am running the following command:

ory tunnel <http://127.0.0.1:8081> --port 4001 --project <PROJECT_SLUG> --allowed-cors-origins <http://127.0.0.1:8081> --cookie-domain 127.0.0.1:8081 --dev --debug

But the CORS headers are not included in the response headers for the preflight requests:

HTTP/1.1 204 No Content
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Date: Sun, 03 Dec 2023 20:02:53 GMT

Request headers:

OPTIONS /self-service/login/browser HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Access-Control-Request-Headers: access-control-allow-credentials
Access-Control-Request-Method: GET
Cache-Control: no-cache
Connection: keep-alive
Host: 127.0.0.1:4001
Origin: <http://localhost:8081>
Pragma: no-cache
Referer: <http://localhost:8081/>
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36

In the terminal I get the following message:

[cors] 2023/12/03 14:25:29 Handler: Preflight request
[cors] 2023/12/03 14:25:29   Preflight aborted: headers '[Access-Control-Allow-Credentials]' not allowed

I am not sure if this could be a bug or if I am missing extra configuration. For context I am using the rust client and I am adding the headers directly to the reqwst client:

let mut headers = HeaderMap::new();
headers.insert(ACCEPT, HeaderValue::from_static("application/json"));
headers.insert(ACCESS_CONTROL_ALLOW_CREDENTIALS, HeaderValue::from_static("true"));
headers.insert(ORIGIN, HeaderValue::from_static("<http://127.0.0.1:8081>"));
let client = reqwest::Client::builder().default_headers(headers).build().unwrap();
let config = Configuration {
    base_path: ORY_ADMIN_URL.to_string(),
    user_agent: None,
    client,
    basic_auth: None,
    oauth_access_token: None,
    bearer_access_token: None,
    api_key: None,
};

Does anyone know how I can configure the request to

/self-service/methods/oidc/callback/:providerId

to redirect to my app's url? It's currently redirecting to

selfservice.default_browser_return_url

, which isn't ideal since I have multiple apps on separate subdomains. Perhaps there's an extra query param that I can add to the

/self-service/methods/oidc/callback

url, which will override the

default_browser_return_url

? For context, the

/self-service/methods/oidc/callback

endpoint is invoked by passing it as a

redirect_uri

query param to my OIDC provider's url, like so:

<https://myoktalogin.example.com/oauth2/v1/authorize?client_id=${myOidcClientId}&redirect_uri=${publicKratosBaseUrl}/self-service/methods/oidc/callback/my-okta-test&response_type=code&scope=email+profile+openid&state=${state}>

I have the rest of the OIDC flow working. Now I just need to customize the final redirect. I've included some logs below which show how this endpoint is being handled on my

oryd/kratos:v1.0.0

local deployment.

I’m trying to understand the context around Kratos + phone/sms - started a discussion on github https://github.com/ory/kratos/discussions/3651 but don’t really know the best way to engage with the team on this. Any help would be appreciated. Thanks!

Hey all, I’m nearly done implementing Kratos for our web app, but I’m stuck on one final detail. When users are registering with Kratos, I need to be able to migrate their user account to Kratos which I’m doing so with the

after

registration hooks. However, I can’t seem to get it to work. I’ll attach the config in the thread

Does anyone know why my call to

updateLoginFlow

is returning a 422? I'm calling it from the SDK like so, inside my SPA:

ory.createBrowserLoginFlow().then(({ data: flow }) => {
  const flowId = flow.id;
  ory
    .updateLoginFlow({ flow: flowId, updateLoginFlowBody: { method: 'oidc', provider: 'my-okta-test' } })
    .then(({ data: successRes }) => { ... })
})

but the

.updateLoginFlow

call is returning a 422. Here is the curl output of that call, which I got from my browser's networking tab:

Hi folks, I am currently working on an endpoint that works as a PostSettingsHook, which will be called after a user has completed a settings flow (updating its profile). From what I see in the ctx request body, the hook only stores the updated values. Is there any way I can get the old values as well in the body? Was thinking of putting the old values inside "hidden" form input so it can be fetched from

ctx.flow.ui

but would be nice if there's any "native" way.

~Hello everyone, I'm in the process of running ORY Kratos locally using Docker and connecting it to my React Next.js app. However, I've been facing a series of errors throughout the setup. Currently, I find myself stuck in a CORS error, despite having configured everything according to the documentation. Appreciate any assistance or insights you can provide.~

i recompile a kratos binary to add log to net/http.Client.Do function, and found this. UPDATE: disable

selfservice.methods.password.config.haveibeenpwned_enabled

[2023-11-30 03:05:33.335319799 +0000 UTC m=+107.237476855] gitops-debug,host: api.pwnedpasswords.com, uri: /range/4545F, req: &http.Request{Method:"GET", URL:(*url.URL)(0xc0019a3b00), Proto:"HTTP/1.1", ProtoMajor:1, ProtoMinor:1, Header:http.Header{}, Body:io.ReadCloser(nil), GetBody:(func() (io.ReadCloser, error))(nil), ContentLength:0, TransferEncoding:[]string(nil), Close:false, Host:"api.pwnedpasswords.com", Form:url.Values(nil), PostForm:url.Values(nil), MultipartForm:(*multipart.Form)(nil), Trailer:http.Header(nil), RemoteAddr:"", RequestURI:"", TLS:(*tls.ConnectionState)(nil), Cancel:(<-chan struct {})(nil), Response:(*http.Response)(nil), ctx:(*context.valueCtx)(0xc0000c6060)}

i tried to deploy paralus with kratos, but kratos always not ready, i already reinstalled postgresql with new pv, but still has the error:

time=2023-11-30T02:07:26Z level=error msg=An error occurred while handling a request audience=application error=map[message:migrations have not yet been fully applied] http_request=map[headers:map[accept:*/* connection:close user-agent:kube-probe/1.20+] host:127.0.0.1 method:GET path:/admin/health/ready query:<nil> remote：1xx.1.1.1:57928 scheme:http] http_response=map[status_code:503] service_name=Ory Kratos service_version=master

I am having a problem in the latest build of Kratos where verification and recovery emails are never delivered because the thread that monitors them never runs. I believe this may due to some interval setting. Does anyone know what can be causing this and how to fix it?

Does Kratos support or plan to support OpenID Connect RP initiated logout? It would be really handy for mobile use cases. See the spec here: https://openid.net/specs/openid-connect-rpinitiated-1_0.html

Can kratos be deployed for use in an intranet? Or does it have to rely on public access and be accessible by the public network?

Can kratos be deployed for use in an intranet? Or does it have to rely on public access and be accessible by the public network?

hi, which login flow do i use for a CLI app?

Hello All I was trying to deployed kratos on kubernetes but I am getting 404 not found error and can anyone please share the whole workflow how to deploy kratos on kubernetes

hi all, i deployed paralus with kratos and want to use private gitlab as idp provider, but callback timout, i found some error in kratos pod log:

time=2023-11-29T02:39:50Z level=error msg=An error occurred and is being forwarded to the error user interface. audience=application error=map[debug: message:An internal server error occurred, please contact the system administrator reason:GET <https://gitlab.xxx.com/oauth/userinfo> giving up after 3 attempt(s): Get "<https://gitlab.xxx.com/oauth/userinfo>": 1xx.x.x.x is not a public IP address status:Internal Server Error status_code:500]

kratos calls gitlab api from external ory service? or depends on any public ory service?

Does anyone know if phone verification got removed? I saw some older docs talking about the feature, but current docs don’t seem to discuss it any more. And the verification flow code looks like it hardcodes email expectations. Related: https://github.com/ory/kratos/issues/3632

For the Go SDK 1.3.0 announcement, https://ory-community.slack.com/archives/C010F2N7XR9/p1700002844932109, will that be pushed to pkg.go.dev at some point? It looks like it is still on 1.0.0: https://pkg.go.dev/github.com/ory/kratos-client-go

Hey guys, my question is about the session extend capabilities. API requests are forwarded via Traefik to oathkeeper, which mutates the cookie and sends a payload to a NestJS server. The payload is handled by an ory strategy "oathkeeper-jwt" which then authenticated the user. I am using the kratos client sdk in the server to extend the user's session, which is successful. The session is returned with a new expiry date, then I send a new cookie to the browser, which is also set correctly. The session entry in Kratos database is also updated successfully. The problem is that not matter how many times I extend the session, the requests stop being authorized after the original session expiry date. I haven't used Go before, but judging by the code, the session is not updated in the session store after extension. It returns the extended session, but when used to verify if the session is still valid, it uses the original. Is it me, or it's not working correctly? Please let me know. Thanks

Hey, I am currently looking at the PW recovery feature and realized that after the user started a Recovery Flow (recovery email triggered) only the recovery code itself is transferred (not the

flowId

, or messageId or similar). I looked at the webhook functionality, but unfortunately only either the recovery code or the flow id is available, depending on the hook being used.

courier.http.request_config

"hook" -> properties

recipient

and

recovery_code

get send, but not flowId

selfservice.flows.recovery.before.hooks

/

selfservice.flows.recovery.after.hooks

-> flowId is available, but the context of the email/recoveryCode is not existing (before) or already gone (after) Question: is it somehow possible to enrich the data for the first general hook (

courier.http.request_config

), so that the flowId is also transferred? Context: when having both the recoveryCode and flowId at hand, I could implement a better UX together with my custom UI. I also had a look at the Kratos Go Code (

SendRecoveryCodeTo

) and adding the flowId there would be quite easy. It does not even need to be part of the

EmailTemplate

's. But before creating an upstream PR I wanted to get in touch with you. Thx!

whereas the response from the server does not contain

state

(even not null)

here is the spec: https://www.ory.sh/docs/reference/api#tag/frontend/operation/createNativeRegistrationFlow sample response contains

"state": null,