<@U04UQ68083H> some users are redirected to /ui/we...
# ory-copilot
p
@chilly-king-10285 some users are redirected to /ui/welcome, this page is disabled and the default redirect is to /ui/settings, what can be the cause?
c
A message from kapa.ai
The redirection to `/ui/welcome` could be due to the configuration of the `--default-redirect-url` flag in the Ory CLI proxy. By default, all redirects will go to the `[publish-url]`, but this behavior can be changed using the `--default-redirect-url` flag. If this flag is set to `/welcome`, all redirects, for example after login, will point to `/welcome` instead of `/` unless you have specified custom redirects in your Ory configuration or in the flow's `?return_to=` query parameter. Here is an example of how the flag is used:

```
$ ory proxy --project <your-project-slug> \
    --default-redirect-url /welcome \
    http://127.0.0.1:3000 \
    https://ory.example.org
```

If you want to change the default redirect to `/ui/settings`, you can do so by changing the `--default-redirect-url` flag to `/ui/settings`. Please check your Ory CLI proxy configuration to ensure it is set up correctly. If the issue persists, it might be due to other configurations in your Ory setup.

Source: [Ory CLI Proxy Redirects](https://www.ory.sh/docs/cli/ory-proxy#redirects)
p
@chilly-king-10285 the issue is on ORY network
c
A message from kapa.ai
Hmm, I don't know enough to give you a confident answer yet. The knowledge sources provided do not contain specific information about issues with redirection on the Ory Network. It could be related to the configuration of your Ory Network project or the specific Ory service you are using. For issues related to the Ory Network, you might find the [Ory documentation](https://www.ory.sh/docs/) helpful. It contains guides and troubleshooting steps for various Ory services. If you're experiencing issues related to a specific Ory service, such as Hydra, Kratos, or Keto, you might find the relevant sections in the documentation useful. If the issue persists, consider reaching out to Ory's [support services](https://www.ory.sh/support/). They offer dedicated support for Ory Network and can provide more specific assistance based on your unique setup and requirements.
p
@chilly-king-10285 some users are redirected to /ui/welcome when they reset their password on ORY Network, this page is disabled and the default redirect is to /ui/settings, what can be the cause?
c
A message from kapa.ai
The redirection to `/ui/welcome` after resetting the password could be due to the default behavior of Ory Network or a specific configuration in your project. By default, Ory Network might redirect users to a welcome page after certain actions, such as resetting a password. However, you can customize this behavior.

In Ory Network, you can define the URLs of UI views for every self-service flow, including password reset. This is done in the User Interface section of the Ory Console. You can use relative or absolute paths to point to the desired UI. If you set a custom UI base URL, relative links will use your SDK Configuration URL as the base. If you want to change the default redirect to `/ui/settings` after password reset, you need to configure this in the User Interface section of the Ory Console.

Also, note that if you define a custom UI base URL, you lose access to the Ory Account Experience. The custom UI base URL takes precedence over the SDK Configuration URL. Please check your Ory Network project configuration to ensure it is set up correctly. If the issue persists, it might be due to other configurations in your Ory setup.

Source: [Configure Ory to use your UI](https://www.ory.sh/docs/kratos/bring-your-own-ui/configure-ory-to-use-your-ui)
p
@chilly-king-10285 some users are reporting their reset link expired, how long is it valid for by default? in ORY Network
c
A message from kapa.ai
By default, the reset link (or one-time code) in Ory is valid for 1 hour. This is defined in the `lifespan` configuration under the `recovery` flow in the `identity-config.yaml` file:

```yaml
flows:
  recovery:
    enabled: true
    lifespan: 15m # Defines how much time the user has to complete the recovery flow in the UI. Default: 1h.
    use: code # Defines which method is used, one of 'code' or 'link'.
    notify_unknown_recipients: false # Defines if the system sends attempted recovery notifications to unregistered addresses.
```

In the example above, the lifespan is set to 15 minutes, but the default value is 1 hour. If you want to change the lifespan of the reset link, you can adjust this value in your project's configuration.

Source: [Account recovery and password reset > Configuration](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset#configuration)
A message from kapa.ai
In Ory Network, the default lifespan for the recovery flow, which includes password reset, is 1 hour. This is defined in the `lifespan` configuration under the `recovery` flow in the `identity-config.yaml` file:

```yaml
flows:
  recovery:
    enabled: true
    lifespan: 15m # Defines how much time the user has to complete the recovery flow in the UI. Default: 1h.
    use: code # Defines which method is used, one of 'code' or 'link'.
    notify_unknown_recipients: false # Defines if the system sends attempted recovery notifications to unregistered addresses.
```

In the example above, the lifespan is set to 15 minutes, but the default value is 1 hour. If you want to change the lifespan of the reset link, you can adjust this value in your project's configuration.

Source: [Account recovery and password reset > Configuration](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset#configuration)
p
@chilly-king-10285 can I see which identities or sessions used Oauth vs Cookie sessions?
c
A message from kapa.ai
Ory stores session data in different ways for browser apps and native apps. For browser apps, Ory stores session data in Ory Session Cookies. For native apps, Ory stores session data in Ory Session Tokens.

To check if a user is signed in and has an active session, you can use the `/sessions/whoami` endpoint. If the user doesn't have an active session, the system returns a `401 Unauthorized` response. If the user has an active session, you get a `200 OK` response and the session payload.

However, the provided knowledge sources do not specify a direct way to differentiate which sessions used OAuth vs Cookie sessions. The session payload does not seem to contain this information. For more detailed tracking or logging of how sessions are initiated (via OAuth or Cookies), you might need to implement additional logging or tracking in your application or use Ory's [audit trail capabilities](https://www.ory.sh/docs/ecosystem/audit-trail) if available.

Sources:
- [Check session status](https://www.ory.sh/docs/identities/sign-in/check-session-token-cookie-api)
- [Ory Session Tokens](https://www.ory.sh/docs/security-compliance/token-formats#ory-session-tokens)
- [Session Management Overview](https://www.ory.sh/docs/kratos/session-management/overview)
p
@chilly-king-10285 can I use the ORY network API to get how many identities have used OAuth?
c
A message from kapa.ai
Based on the provided knowledge sources, there isn't a direct way to get the number of identities that have used OAuth through the Ory Network API. The Ory Network API provides a method to list all identities in the system (`GET /admin/identities`), but the returned data does not specify the authentication method used (OAuth, password, etc.).

However, you can get detailed information about a session, including the authentication methods used, by calling the `GET /sessions` endpoint. This returns a list of sessions, and each session includes a list of `authentication_methods` used. You could potentially iterate over all sessions and count the number of unique identities that have used OAuth.

Please note that this approach might not be efficient or feasible depending on the number of sessions and identities in your system. It's also possible that this information might not be available if the sessions have expired. For more accurate tracking of how identities are authenticated, you might need to implement additional logging or tracking in your application, or use Ory's [audit trail capabilities](https://www.ory.sh/docs/ecosystem/audit-trail) if available.

Sources:
- [Ory API Reference > Ory APIs - identity > Methods > listIdentities](https://www.ory.sh/docs/reference/api#list-identities)
- [Ory API Reference > Ory APIs - identity > Methods > listIdentitySessions > Responses Part 2](https://www.ory.sh/docs/reference/api#list-identity-sessions-response)
p
@chilly-king-10285 can Audit Trail be used in Ory Network?
c
A message from kapa.ai
Yes, Ory Network supports audit trail capabilities. This feature allows you to track and log user activities, such as login attempts, password changes, and other actions.

In the context of Ory Network, the audit trail is primarily implemented through logging. Ory uses logging in its cloud network, enabling forensic analysis of potential incidents. The `audience` field in the logs distinguishes between `application` logs intended for operators and developers, and `audit` logs that document allowed and denied authorizations, failed and succeeded log in attempts, and so on. Here is an example of how the `audience` field is used in the logs:

```plaintext
time=2020-05-20T11:57:09+02:00 level=info msg=An example log message. audience=application service_name=foo service_version=bar
time=2020-05-20T11:57:29+02:00 level=info msg=Login successful. audience=audit service_name=foo service_version=bar
```

Please note that the specific details and capabilities of the audit trail feature might vary depending on the specific Ory service you are using (Kratos, Hydra, Keto, etc.).

Sources:
- [Ory Docs > Security-compliance > GDPR compliance > How Ory Network helps you to be GDPR compliant > Protection against data breaches](https://www.ory.sh/docs/security-compliance/gdpr#protection-against-data-breaches)
- [Ory Docs > Self-hosted > Operations > Logs and audit trails > Log fields](https://www.ory.sh/docs/self-hosted/operations/logging#log-fields)
p
@chilly-king-10285 how can I send the default recovery mail with a code using the network admin API
c
A message from kapa.ai
To send the default recovery mail using the API, you need to initiate a recovery flow. Here are the steps:

1. Send a POST request to the `/self-service/recovery` endpoint. This request should include the user's email and the CSRF token in the request body. The CSRF token value is a hidden input field called `csrf_token`. Here is an example of how to do this using cURL:

   ```bash
   curl -X POST -H 'Content-Type: application/json' \
       -H 'Accept: application/json' \
       -d '{"method":"code","email":"[email protected]","csrf_token":"your-csrf-token"}' \
       -b cookies.txt \
       "https://{project.slug}.projects.oryapis.com/self-service/recovery?flow=<your-flow-id>"
   ```

2. The recovery flow can have a second submit step if the recovery method is set to `code`. In such a case, the recovery flow shows a field to submit the received code the user gets after they submit their email.

3. Copy the recovery link from the API response and send it to the user. The recovery link will look something like this:

   ```json
   {
     "recovery_link": "https://{project-slug}.projects.oryapis.com/self-service/recovery?flow=b6c81504-dc8e-4786-b849-ac292bc9f317&token=VjKUKGU7J4YAonC5b5q1hDySJjWGh3qf",
     "expires_at": "2023-02-18T02:16:47.286385565Z"
   }
   ```

Please replace `{project.slug}` with your project's slug and `<your-flow-id>` with the ID of your recovery flow.

Sources:
- [Submit recovery flow](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#submit-recovery-flow)
- [Invite users](https://www.ory.sh/docs/kratos/manage-identities/invite-users#procedure)
A message from kapa.ai
To send the default recovery mail with a code using the Ory Network Admin API, you can use the `AdminCreateSelfServiceRecoveryCode` endpoint. This operation requires an API key for authorization. Here is an example of how to do this using cURL:

```bash
curl --request POST -sL \
  --header "Authorization: Bearer ORY_API_KEY" \
  --header "Content-Type: application/json" \
  --data '{
    "expires_in": "12h",
    "identity_id": "e01b5f2f-6afc-4194-8578-4cebcf69a4d5"
  }' https://{your-project-slug}.projects.oryapis.com/admin/recovery/code
```

In this example, replace `ORY_API_KEY` with your API key, `e01b5f2f-6afc-4194-8578-4cebcf69a4d5` with the ID of the identity for which you want to create a recovery code, and `{your-project-slug}` with your project's slug.

You can also use the Ory Client Go SDK to achieve the same:

```go
package main

import (
	"context"
	"fmt"
	"io"

	ory "github.com/ory/client-go"
)

func main() {
	client := ory.NewAPIClient(&ory.Configuration{
		Servers: ory.ServerConfigurations{{
			URL: "https://{your-project-slug}.projects.oryapis.com",
		}},
		DefaultHeader: map[string]string{
			"Authorization": "Bearer ORY_API_KEY", // API Key for your Ory Network project
		},
	})

	code, res, err := client.FrontendApi.AdminCreateSelfServiceRecoveryCode(context.Background()).
		AdminCreateSelfServiceRecoveryCodeBody(*ory.NewAdminCreateSelfServiceRecoveryCodeBody("YOUR_IDENTITY_ID")).
		Execute()

	if err != nil {
		body, _ := io.ReadAll(res.Body)
		fmt.Printf("could not create recovery code %v: %v", err.Error(), string(body))
		panic(err)
	}

	fmt.Printf("Use link: %s\n", code.RecoveryLink)
	fmt.Printf(" With code: %s\n", code.RecoveryCode)
}
```

In this example, replace `ORY_API_KEY` with your API key, `YOUR_IDENTITY_ID` with the ID of the identity for which you want to create a recovery code, and `{your-project-slug}` with your project's slug.

Sources:
- [Manage identities > Administrative account recovery > One-time codes](https://www.ory.sh/docs/kratos/manage-identities/account-recovery#one-time-codes)
- [Authorization with API Keys](https://www.ory.sh/docs/concepts/personal-access-token)