Hey, I'm trying to follow https://www.ory.sh/docs/concepts/cache#force-refresh to force cache refresh and I'm having some issues. 1. using exactly

ory.toSession(undefined, undefined, {
  headers: {
    "Cache-Control": "max-age=0",
  },
})

raises an error

Expected 0-2 arguments, but got 3.ts(2554)

2. using

ory.toSession(undefined, {
  headers: {
    "Cache-Control": "max-age=0",
  },
})

seems to work as expected - I can see the cache-control header in the request. But the request results in a CORS error: "Cross-Origin Resource Sharing error: PreflightMissingAllowOriginHeader". This is for development for now, we're connecting to Ory through the Ory Tunnel. Would you have any pointers? We have a use-case where we want to set the cache expiration to be a bit more conservative than your defaults, so this would be a pretty useful capability to have.

Hi everyone! Is there a way to migrate a EU storage location to a global one? Our servers are currently in Montreal (GCP) and the latency is really high. Is the new global storage location changing the latency?

Hi all, I have a couple of questions: 1. I'm trying to integrate Ory client for dotnet to view and manage all of the identities. The docs says that to implement pagination I should provide

pageToken

. However, the

IdentityApi.ListIdentities

has return type of

Task<List<ClientIdentity>>

and I don't know how to receive the token for the next page. 2. My authorization model is extremely simple and Ory Permissions seems to be quite an overkill for it. On top of that, I need to come up with a solution that is relatively simple to justify Ory Network to my peers and managers. Is there a way to safely store permissions on the identity object itself? I was thinking something like claim or Ory traits.

Is there a way to block a user account? ie. keep the account but prevent sign-in/valid sessions. Use case: Identify fraud on users account, part of the steps would be to revoke access to the account for that user. We obviously don’t want to delete the account otherwise they could just come back again.

Hi, I'm developing using only the react-spa folder and the files inside it, so react-spa is my root folder. I want to style the login (UserAuthCard) and configuration (UserSettingsCard) pages, change font characteristics, field spacing, boxes; change size of warning messages. How do I access these files and change them? Please help me. #talk-network

Hey 👋 I’m wondering if it would be possible to enable more than one custom domain for our projects temporarily? We’d like to migrate between domains ideally without downtime. Tried reaching out to @fast-lunch-54279 which has been our contact so far but without luck. Thanks!

Hi everyone! Sorry if this is not the right channel for it. I have a question regarding Ory cloud offering config. I have an admin panel that should grant access to multiple projects (

<http://project1.com|project1.com>

,

<http://project2.com|project2.com>

). Assuming that I serve the the panel on the same domain as the projects (

<http://admin.project1.com|admin.project1.com>

) can I configure Ory to accept redirects to the same Ory project on multiple domains (e.g.

<http://ory.project1.com|ory.project1.com>

and

<http://ory.project2.com|ory.project2.com>

) and keep using cookies? Or is this the case where tokens should be used instead of cookies?

Hey Ory team here is a feedback from our account migration to Ory. Problem 1: We where not able to migrate hashes so we sent a recovery link to all users. The recovery flow does not make clear to set a new password (user is confused), it would be great to have a dedicated screen only asking for password. Problem 2: Our old website was using username (or email) as login identifier which has changed with Ory to email only. The Ory hosted UI names the login field “ID” which trapped many users. Any chance to customize the label to “Email”? Everything else worked smooth

Hello 👋 When using a SSO-flow, like Google. After the Google screens (select account, enter password etc) the user is redirected to a "Create Account" screen that resides with Ory, is it possible to skip this screen and just have the account created?

Hello 👋, While using Ory Network, I needed to also use Oathkeeper. Now, the upstream I use, Adds its mandatory CORS headers to response it sends. Also, Oathkeeper also add its CORS headers while returning response. So, I am consistently getting multiple "Access-Control-Allow-Origin" and that results in error showing it expected one 'Access-Control-Allow-Origin' but got multiple "Access-Control-Allow-Origin" . What can be way to remove the upstream response headers or Oathkeeper CORS headers so that this problem can be solved? Any suggestion will be helpful.

Hey 👋 I wonder if we know if the documentation Auth0 as a social signing provider is up to date? https://www.ory.sh/docs/kratos/social-signin/auth0 I tried following the docs but sadly can’t get it to work. I’ve managed to set up other providers successfully.

Hi, We are trying to add custom SMTP server for Ory Network account, but our mail provider requires IP whitelist to allow sending messages. I found that your webhooks use static IP addresses but no mentions on mail server. What are your IP-addresses that the emails are sent from?

Hi, I have a problem after selecting the email on the social login provider (google). This error appears in the image below. The error appears after I select to log in with Google, then I select my gmail which is the same as the ory registration and after that loads this image. #talk-network

Hello! We have configured a webhook with a key authentication type in Ory console, and now we have this key in our configuration like:

"config": {

"auth": {

"config": {

"in": "header",

"name": "my-key",

"value": "my-key-value"

},

"type": "api_key"

}

As we store the configuration file in our repository, we do not want to commit this key there. So is it possible not to specify the value of the authentication key in the configuration file and have it only in Ory console? We do not see anything about it in the docs. Thanks!

Hi, In the API documentation for the frontendApi -> Create Login Flow for Browsers says following: "... it will be redirected to

selfservice.flows.login.ui_url

" In the Ory console of a project where can I adjust this url?

Hi! Is there some issue with post-registration actions? They never trigger for me after user registration. The same action works when i select “after login” but not “after registration”.

Hello ory network! Who do I talk to, or where do i change my projects subscription plan? Actually, looking closer at it, even scale will not permit us to migrate over our latest customers using SCIM. Who can we send a bottle of wine in order to temporarily raise our burst limit?

Hello, can I authenticate to Ory Permissions (Ory Network hosted Keto) from a remote_json authorizer at OathKeeper?

Hello, I wonder if I can use Ory Permissions (Ory Network) as an

keto_engine_acp_ory

authorizer in OathKeeper? If so, do I just set the

keto_engine_acp_ory

handler’s base_url to the Ory Network project slug URL?

Hi Everyone, Can ORY Network supports sign in with phone number and SMS based OTP, and phone number verification with SMS based OTP, and how?

Hey we were happy to see the changes https://changelog.ory.sh/announcements/improved-oauth2-registration-flow and https://changelog.ory.sh/announcements/improved-user-experience-in-complex-oauth2-flows but not sure if we’re getting the expected behaviour when using the oauth registration and login flows with

session_after_registration

. We’ve set up a fresh project to check this using the react spa example. In the first case we’re initialising the registration flow with

promt=registration

which brings us to our registration page. We can see this flow object includes an

oauth2_login_request

object. The user signs up and continues with the verification flow, but after verifying The

continue

button from Ory Elements takes them to

/ui/welcome

on

localhost:3000

rather than completing to the original oauth flow? We have also tried initiating with

prompt=login

, then going from

localhost:3000/login

to

localhost:3000/registration

via Don't have an account? Signup Once we’ve verified in this case, the

continue

button does take us back to the original oauth flow, but instead of completing the flow, it redirects us back to

localhost:3000/login

asking the user to enter in the password again. (and actually after entering the password it redirects to

localhost:300/oauth2/...

rather than

localhost:4000/oauth2/...

We don't want users to have to enter the password for a second time. Are either of these changes meant to make this possible? The attached screen recordings show both of the above cases in action. Any clarification if this is possible at the moment with Ory would be a big help, thanks!

Hi everyone, Has anyone successfully used the accept-language header on Ory Client SDK? We are adding the language on the custom headers field ("Accept-Language") on the SDK. All the messages for native flows still return in english. Or do you know of another way to debug this?

Hi, on our website we redirect logged in users to the self service settings page for password / email change. Some user go there but don’t want to change something and couldn’t find a way to go back. Is there a way to bring a “return to website” button to the settings page without implementing a custom UI?

Hi 👋 I'm trying to configure a token_hook for an Ory network project as described in the documentation and getting the following error. Is there something I'm missing?

$ ory patch oauth2-config $PROJECT \
  --add '/oauth2/token_hook/url="<https://my-example.app/token-hook>"' \
  --format yaml

I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf] oneOf failed
  I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf/0/type] expected string, but got object
  I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf/1/$ref] doesn't validate with "#/definitions/webhook_config"
    I[#/oauth2/token_hook/auth] S[#/definitions/webhook_config/properties/auth] validation failed
      I[#/oauth2/token_hook/auth/config/in] S[#/definitions/webhook_config/properties/auth/properties/config/properties/in/enum] value must be one of "header", "cookie"
      I[#/oauth2/token_hook/auth/type] S[#/definitions/webhook_config/properties/auth/properties/type/const] value must be "api_key"

While using ory Network example mentioned here:

<https://www.ory.sh/docs/keto/sdk/go>

, I am consistently getting

Error: 401 Unauthorized

I am using Golang and working with REST API Example to Create and Check permissions.

&{401 Unauthorized 401 HTTP/2.0 2 0 map[Alt-Svc:[h3=":443"; ma=86400] 
Cf-Cache-Status:[DYNAMIC] Cf-Ray:[82460dd218551b6e-DEL] 
Content-Length:[139] Content-Type:[application/json] 
Date:[Sat, 11 Nov 2023 11:04:22 GMT] Ory-Network-Region:[euw] 
Ory-Network-Request-Id:[5a218a34-0317-990e-b60e-03f5225dd719] 
Server:[cloudflare] 
Set-Cookie:[__cf_bm=N4PM96TOQRH5bdI6xqo8vp5bG0QqBe3g7HYJCgRW0Is-1699700662-0-AQ+pWmjEefha+2/2GimlqSg3KhjnGrE+voXEThgzYWl01Psh5SF7gZxEkMwlokGD0FwI9Vi2WMFtrTOzIfGi7qY=; path=/; expires=Sat, 11-Nov-23 11:34:22 GMT; domain=.oryapis.com; HttpOnly; Secure; SameSite=None __cflb=04dTodacKU6FNH24G2A1nz3iW5zeyxbzSERGKG592s; SameSite=None; Secure; path=/; expires=Sat, 11-Nov-23 12:04:22 GMT; HttpOnly _cfuvid=m6wSp3_Gx3Si.q3RPiO0s4xNwYAejkVf004NPYw9H.4-1699700662277-0-604800000; path=/; domain=.oryapis.com; HttpOnly; Secure; SameSite=None] Vary:[Origin]] {{"error":{"code":401,"status":"Unauthorized","request":"5a218a34-0317-990e-b60e-03f5225dd719","message":"Access credentials are invalid"}}

1. URL I use is:

https://{My-Ory-Network-Project-Slug}.<http://projects.oryapis.com|projects.oryapis.com>

2. API Key: I generated from the Ory Console looks like:

"ory_pat_***"

These above URL and API Key work completely fine in POSTMAN using REST API but shows 401 while using

client-go

Unable to find understand what am I missing. Any suggestion will be helpful 🙂

Hi team, We're doing a user migration to Ory using the batch API, but after a while, we're hitting Gateway Timeout. We were able to migrate 100k out of 500k identities, and now we can't continue because of the Gateway Timeout? Is there a way around this? We're in Scale plan, btw. Thanks! 🙏 cc @jolly-ocean-27001

Hello everyone 👋. Can anyone help me with the Ory Network? I made a little confusion here. I’ve upgraded to the Essentials plan because of custom domains. I tried to use it with the Ory Tunnel and obviously it didn’t work, totally my bad. I downgraded to Developer again, but now I can’t use custom domains, although my plan is active until December 4th. Any help is appreciated, thanks!

hey all, running into what is probably a small issue that I can’t quite figure out when implementing my own custom login/consent flow for oauth2. I have a login URL, which looks like this: https://{project_id}.projects.oryapis.com/oauth2/auth?response_type=code&client_id={client_id}&redirect_uri={redirect}&prompt=login&state=12345&scope=openid&max_age=1000 it works fine for going through the whole login/consent flow, and I get redirected to my redirect with an access code. However, when I go to that URL again I expect it to automatically redirect me to my redirect, since I am logged in already. When accepting the login/consent request I am setting remember and remember_for, so from my understanding it shouldn’t need me to log in again. if anyone knows when I should/should not expect to be taken to the login screen vs. just straight to the redirect that would be helpful!

Hey guys, we're using an oauth authorization code flow to authorise our

next.js

application with

email

as one of the scopes. On our settings page we allow our users to update their email using Ory Client. After they change their email however, the email we have obtained during the oauth login will now not match the new one Ory has. I assume the same is true for other scopes. We have tried to trigger a token refresh, but the

scopes

we get back don't seem to have been updated? Is there some configuration we need to do to make this happen? If the user does an ODIC logout then and logs in via the oauth flow again we see the scopes are updated and we get the correct email. But we'd rather not have to log a user out any time they update their email or we some other updated scope? Thanks!

I am not able to hit the /projects api. is that expected? e.g. https://www.ory.sh/docs/reference/api#tag/project/operation/listProjects I am able to take the cookie from my web session and use that to hit apis at https://api.console.ory.sh/projects/$ORY_PROJECT_ID but, the generated api keys don't seem to work.