Hey guys, I’m implementing the `verification flow`...
# talk-kratos
c
Hey guys, I’m implementing the `verification flow` and I have a question. Can I “re-send” the email verification with a new link when it has expired, but without entering the email again? I mean, I’m trying to implement the “resend verification link to my email” feature when the link is expired or not valid 🙂 Thanks in advance!
p
Hi @cool-engine-68327 What do you mean? When you do the verification flow it initializes things like csrf cookies and a flow ID. You then need to submit the email to Kratos and this is only a singular submission per flow ID / csrf cookie.
c
Hey, hi
I want to implement the “resend verification email” flow. My use case is the following:
1. My user wants to perform a registration operation. We initialize the flow and send the information to Ory.
2. My user receives an email with the link that he must use to verify his account.
3. This link expires, therefore my user needs to receive an email again with a new link to verify.
4. I want to implement a simple button that resends said email, but without having to force my user to re-enter his email on the verification screen. It seems to me that it is not correct, since if I obtain information about the status of the verification (for example, the token expired) I should be able to automatically resend a new one, right?
I understand that I could save the user’s email somewhere (cookie, sessionStorage, etc) but I wanted to know if Ory has a way to perform this action “automatically” and without interaction from us. I imagine that the “correct” thing would be that the verification flow could be “restarted” by sending it the FlowID or something like that, but well, my question is that, what would be the path to follow to achieve this behavior?
e
@nice-nail-87463 any thoughts?
p
I guess your application could do the flow for the user if the user has a session. For instance, I can do the email flow without having a session and I can do it with a session. In the case of a session we could have your system check the verification status and then if not verified, do an ajax call for the verification init, auto get the email from the current session and complete the verification flow. This can all be done in Ajax in the background, with no user interaction.
If you have a different usecase where you are storing who has done a verification flow, however you keep track of the verification status and expiry date, you could extract this information on your server and redo the flow in the same manner without them having a session.
e
It can start the flow again, but I need the user's email to submit the data and re-send the email. I do not see how to send that submission without asking the user for the email and without using any storage (sessions, cookies, etc.)
p
The user doesn't need to be verified for instance to log in. You could do restrictions in your app depending on the verification status, which you can retrieve (with their email) from the `sessions/whoami` endpoint.
e
Basically, I have a CSRF token and use it for all my calls. I don't wanna have more info saved in localStorage or somewhere else which is not safe. What do you recommend as good practice?
p
Yes, I do not recommend you store any long-term information inside a client-side application (e.g. Chrome localStorage). You have a couple of options:
1. Assuming the user is still on the same computer waiting for the link etc., you can store the email they registered with in memory. Obviously if the user closes the browser the data will be gone.
2. If you have a different use case where you are storing who has done a verification flow - you keep track of the verification status and expiry date - you could extract this information on your server and redo the verification flow automatically.
3. In the case of a session we could have your system check the verification status and then if not verified, do an ajax call for the verification init, auto get the email from the current session and complete the verification flow. This can all be done in Ajax in the background, with no user interaction.