# talk-kratos
Hi Ory team! When looking at Kratos registrations, I’m noticing that when a user registers using username/password an `identity_credential` is ALSO being created for WebAuthn. I enabled `passwordless` in my Kratos config, so it’s an option to register with instead of being a second factor for auth. Is this expected behavior? See the screenshot below. The green rectangle shows a single `identity_id=5d41c8d4-d144-45a2-a392-efee2a99c88b` with two entries in the `identity_credentials` table, where
• `identity_credential_type_id=78c1b41d-8341-4507-aa60-aff1d4369670` is for password
• `identity_credential_type_id=6b213fa0-e6ad-46cb-8878-b088d2ce2e3c` is for WebAuthn.
Looking at this now, all my automated programmatic password imports have a WebAuthn entry too, so I don’t think this is coming from my frontend form. Would love some insight!
Here is my kratos config.yaml:
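---
# Ory Kratos configuration (config schema version v0.11.0).
# Slack link wrapping (`<url|text>`) has been stripped from the values below so
# the file parses as the author intended; secrets are redacted as `xxx`.
version: v0.11.0

ciphers:
  algorithm: xchacha20-poly1305

cookies:
  # Session cookies are scoped to the apex domain, so every host under
  # foundry.ac can read them; keep that in mind when adding subdomains.
  domain: foundry.ac

courier:
  templates:
    recovery_code:
      valid:
        email:
          body:
            html: file:///etc/config/kratos/templates/recovery-code/valid/email.body.gotmpl
      invalid:
        email:
          body:
            html: file:///etc/config/kratos/templates/recovery-code/invalid/email.body.gotmpl
    verification_code:
      valid:
        email:
          body:
            html: file:///etc/config/kratos/templates/verification-code/valid/email.body.gotmpl

  smtp:
    connection_uri: "xxx"
    from_address: xxx@foundry.ac
    from_name: Foundry

hashers:
  algorithm: bcrypt
  bcrypt:
    # NOTE(review): cost 8 is below the Kratos default of 12 and below the
    # commonly recommended minimum of 10; raise it unless login latency on
    # this hardware genuinely forbids it.
    cost: 8

identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///etc/config/kratos/identity.schema.json

log:
  # Must be false outside short-lived debugging sessions: when true, Kratos
  # writes secrets and personal data (passwords, tokens, traits) into its logs.
  leak_sensitive_values: false

secrets:
  cipher:
    - xxx
  cookie:
    - xxx

selfservice:
  # The glob entry accepts any subdomain as a post-flow redirect target; keep
  # this list as narrow as the frontends actually need.
  allowed_return_urls:
    - https://foundry.ac
    - https://*.foundry.ac

  default_browser_return_url: https://app.foundry.ac/

  flows:
    error:
      ui_url: https://foundry.ac/auth/error
    login:
      ui_url: https://foundry.ac/auth/login
      lifespan: 1h
    logout:
      after:
        default_browser_return_url: https://foundry.ac/auth/login
    recovery:
      enabled: true
      ui_url: https://foundry.ac/auth/recovery
      use: code
    registration:
      ui_url: https://foundry.ac/auth/registration
      lifespan: 1h
      after:
        # The same web hook is registered for oidc, password and webauthn
        # registrations. `can_interrupt: false` means a failing hook does not
        # abort the registration, so the downstream API can silently miss
        # identities. The hook URL is plain http carrying basic-auth
        # credentials; that is only acceptable if the .internal network is
        # otherwise protected.
        oidc:
          hooks:
            - hook: web_hook
              config:
                url: http://foundry-oathkeeper-v2.internal:4455/web-api/api/ory/registration
                method: POST
                can_interrupt: false
                # Jsonnet template: posts the identity id and email trait.
                body: base64://ZnVuY3Rpb24oY3R4KSB7IAogICAgaWQ6IGN0eC5pZGVudGl0eS5pZCwKICAgIHRyYWl0czogewogICAgICAgIGVtYWlsOiBjdHguaWRlbnRpdHkudHJhaXRzLmVtYWlsCiAgICB9Cn0=
                auth:
                  type: basic_auth
                  config:
                    user: xxx
                    password: xxx
            - hook: session
        password:
          hooks:
            - hook: web_hook
              config:
                url: http://foundry-oathkeeper-v2.internal:4455/web-api/api/ory/registration
                method: POST
                can_interrupt: false
                body: base64://ZnVuY3Rpb24oY3R4KSB7IAogICAgaWQ6IGN0eC5pZGVudGl0eS5pZCwKICAgIHRyYWl0czogewogICAgICAgIGVtYWlsOiBjdHguaWRlbnRpdHkudHJhaXRzLmVtYWlsCiAgICB9Cn0=
                auth:
                  type: basic_auth
                  config:
                    user: xxx
                    password: xxx
            - hook: session
        webauthn:
          hooks:
            - hook: web_hook
              config:
                url: http://foundry-oathkeeper-v2.internal:4455/web-api/api/ory/registration
                method: POST
                can_interrupt: false
                body: base64://ZnVuY3Rpb24oY3R4KSB7IAogICAgaWQ6IGN0eC5pZGVudGl0eS5pZCwKICAgIHRyYWl0czogewogICAgICAgIGVtYWlsOiBjdHguaWRlbnRpdHkudHJhaXRzLmVtYWlsCiAgICB9Cn0=
                auth:
                  type: basic_auth
                  config:
                    user: xxx
                    password: xxx
            - hook: session
    settings:
      ui_url: https://foundry.ac/auth/settings
      # Changes to credentials require a session no older than this, and the
      # highest AAL the identity can reach.
      privileged_session_max_age: 15m
      required_aal: highest_available
    verification:
      enabled: true
      ui_url: https://foundry.ac/auth/verification
      lifespan: 1h
      use: code
      after:
        default_browser_return_url: https://app.foundry.ac/

  methods:
    code:
      enabled: true
    lookup_secret:
      enabled: true
    oidc:
      enabled: true
      config:
        providers:
          - id: apple
            provider: apple
            client_id: xxx
            apple_team_id: xxx
            apple_private_key_id: xxx
            apple_private_key: |
              -----BEGIN PRIVATE KEY-----
              xxx
              -----END PRIVATE KEY-----
            issuer_url: https://appleid.apple.com
            # Mapper only copies the email when Apple marks it verified.
            mapper_url: base64://bG9jYWwgY2xhaW1zID0gewogIGVtYWlsX3ZlcmlmaWVkOiBmYWxzZSwKfSArIHN0ZC5leHRWYXIoJ2NsYWltcycpOwoKewogIGlkZW50aXR5OiB7CiAgICB0cmFpdHM6IHsKICAgICAgLy8gQWxsb3dpbmcgdW52ZXJpZmllZCBlbWFpbCBhZGRyZXNzZXMgZW5hYmxlcyBhY2NvdW50CiAgICAgIC8vIGVudW1lcmF0aW9uIGF0dGFja3MsICBpZiB0aGUgdmFsdWUgaXMgdXNlZCBmb3IKICAgICAgLy8gdmVyaWZpY2F0aW9uIG9yIGFzIGEgcGFzc3dvcmQgbG9naW4gaWRlbnRpZmllci4KICAgICAgLy8KICAgICAgLy8gVGhlcmVmb3JlIHdlIG9ubHkgcmV0dXJuIHRoZSBlbWFpbCBpZiBpdCAoYSkgZXhpc3RzIGFuZCAoYikgaXMgbWFya2VkIHZlcmlmaWVkCiAgICAgIC8vIGJ5IEFwcGxlLgogICAgICBbaWYgJ2VtYWlsJyBpbiBjbGFpbXMgJiYgY2xhaW1zLmVtYWlsX3ZlcmlmaWVkIHRoZW4gJ2VtYWlsJyBlbHNlIG51bGxdOiBjbGFpbXMuZW1haWwsCiAgICB9LAogIH0sCn0=
            scope:
              - email
          - id: facebook
            provider: facebook
            client_id: "xxx"
            client_secret: xxx
            # NOTE(review): this mapper copies the email whenever present and does
            # not check a verified flag; confirm that is acceptable if email is
            # used as a login identifier.
            mapper_url: base64://bG9jYWwgY2xhaW1zID0gc3RkLmV4dFZhcignY2xhaW1zJyk7CnsKICBpZGVudGl0eTogewogICAgdHJhaXRzOiB7CiAgICAgIC8vIFRoZSBlbWFpbCBtaWdodCBiZSBlbXB0eSBpZiB0aGUgdXNlciBoYXNuJ3QgZ3JhbnRlZCBwZXJtaXNzaW9ucyBmb3IgdGhlIGVtYWlsIHNjb3BlLgogICAgICBbaWYgJ2VtYWlsJyBpbiBjbGFpbXMgdGhlbiAnZW1haWwnIGVsc2UgbnVsbF06IGNsYWltcy5lbWFpbCwKICAgIH0sCiAgfSwKfQ==
            scope:
              - email
          - id: google
            provider: google
            client_id: xxx
            client_secret: xxx
            # Mapper only copies the email when the email_verified claim is true.
            mapper_url: base64://bG9jYWwgY2xhaW1zID0gewogIGVtYWlsX3ZlcmlmaWVkOiB0cnVlLAp9ICsgc3RkLmV4dFZhcignY2xhaW1zJyk7Cgp7CiAgaWRlbnRpdHk6IHsKICAgIHRyYWl0czogewogICAgICBbaWYgJ2VtYWlsJyBpbiBjbGFpbXMgJiYgY2xhaW1zLmVtYWlsX3ZlcmlmaWVkIHRoZW4gJ2VtYWlsJyBlbHNlIG51bGxdOiBjbGFpbXMuZW1haWwKICAgIH0sCiAgfSwKfQ==
            scope:
              - email
              - profile
            requested_claims:
              id_token:
                email:
                  essential: true
                email_verified:
                  essential: true
    password:
      enabled: true
    totp:
      config:
        issuer: foundry.ac
      enabled: true
    webauthn:
      enabled: true
      config:
        # With passwordless enabled, WebAuthn is offered as a first-factor
        # registration/login method rather than as a second factor.
        # NOTE(review): the reporter observes an extra webauthn row in
        # identity_credentials for password registrations and programmatic
        # imports; confirm this version's behaviour upstream before treating
        # that row as proof the user enrolled a credential.
        passwordless: true
        rp:
          display_name: Foundry
          # rp.id must be a registrable suffix of the origin's host.
          id: foundry.ac
          origin: https://foundry.ac

serve:
  public:
    base_url: https://identity.foundry.ac/
    cors:
      # NOTE(review): no allowed_origins is listed here; verify which origins
      # the public API ends up accepting with this setting.
      enabled: true
  admin:
    # Admin API is unauthenticated by design; it must stay reachable only from
    # the internal network.
    base_url: http://foundry-kratos-v2.internal:4434/

session:
  lifespan: 720h # 30 days
  earliest_possible_extend: 168h # 7 days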