Hey everyone, I'm currently investigating Ory as ...
# general
e
Hey everyone, I'm currently investigating Ory as an authentication solution for our project, and I haven't found information on how to implement some of the flows. 1. How can I request a user to verify their email before changing it? 2. Is it possible to ask the user to enter their old password when setting a new one? If you have experience working with this, could you please share it with me? Thank you!
b
I think the flow in the diagram here covers what you're asking: https://www.ory.sh/docs/kratos/self-service/flows/user-settings
e
Thank you so much, it helped me to set up the password flow. But I still have a problem with changing email. After you log in to the system, you have permission to change the email. However, if you do so and then log out, you won't be able to log in again. (This issue occurs if the user enters an incorrect email address and you only require verified email addresses to log in) Have you ever solved this problem at some point?
b
I have not run into that issue yet
It's an interesting one
e
Maybe I missed something, but it seems like there's an issue on the Ory side. I've recorded a short video that shows this problem. (In case I want to allow users to log in only with verified emails, this could pose a problem)
b
Hmm, yeah, so it's a privileged session (recently got a fresh session, i.e. not timed out), so it can change the email address, which is an identifier, at will without refreshing the token. Same as my app. I'm self-hosted. The main problem is that it changed without a verification required...
If you check the network tab in Chrome, what do you see in the response from updating the settings flow? Does it have `continue_with` on the flow?
I mean, that is Ory's own UI there, so it should be dealing with it
may be fixable with a hook
Believe I found a discussion about this exact issue: https://github.com/ory/kratos/discussions/2501
sounds like it is indeed a known issue
e
Oh, thanks for your input. I didn't see these GitHub issues yet. I think it will be easier to just disable the ability to change email for users at this point 🙂
b
exactly my thoughts 😄
Not entirely sure how I'd do that, it ideally needs to be on the Ory backend side of things... even if I remove the email field from the UI, Ory will complain the email is not in the update settings body because it's a required field on the submission body...
I'll have a play tomorrow
let me know if you come up with anything, as I'll run into the exact same problem soon
e
Okay, I will notify you if I find anything