# talk-kratos
a
Hi! I was wondering if it's possible to remove the `courier.smtp.connection_uri` properties from the configuration file without it breaking? We are not planning to use these features for now and I'd like to avoid having unused configuration in place. If I just remove the lines from the yaml file, kratos fails with the following error:
```
kratos-config-kratos-1          | The configuration contains values or keys which are invalid:
kratos-config-kratos-1          | courier.smtp.connection_uri: <nil>
kratos-config-kratos-1          |                              ^-- one or more required properties are missing
kratos-config-kratos-1          | 
kratos-config-kratos-1          | time=2022-08-11T19:04:17Z level=fatal msg=Unable to instantiate configuration. func=github.com/ory/kratos/driver.NewWithoutInit file=/project/driver/factory.go:26 audience=application error=map[message:I[#/courier/smtp] S[#/properties/courier/properties/smtp/required] missing properties: "connection_uri" stack_trace:stack trace could not be recovered from error type *jsonschema.ValidationError] service_name=Ory Kratos service_version=v0.10.1
```
Would you have any hints on this?
b
Hi, this is not possible, as kratos validates configuration files and the `connection_uri` is required. It just needs to be a URL starting with `smtp://` or `smtps://` though. So maybe you can just set it to a “dummy” URL, something like `smtps://localhost:1025` for example? If you don’t trigger any mails kratos shouldn’t try to connect to it. Keep in mind though, that a lot of features of kratos currently rely on emails. So without it those features will not work.
a
Thanks, that's what I thought. And thanks for the hint - I'm aware of it, for now we want to keep things simple and minimal 🙂
b
Yes, just re-read your question - makes sense. Maybe we can introduce configuration to disable the courier in the future, as the current setup for email sending is not completely optimal and might be refactored at some point.
a
Not a high priority from my PoV 🙂 Maybe to give you some clarity on our use-case: we just need a centrally managed identity and authentication service. We don't want the users to be able to do anything with their accounts, we want to create the accounts for them. At least for now (early stages of the product). Over time we might move to a different model where all the other features are relevant.
Thanks for the instant response though! It's really great, and impressive, that you're active on these channels!
b
Sure, sounds reasonable! Questions and comments like yours help us better understand (potential) use-cases. So this is really a two-way street. Let us know, either here or on GitHub if you run into issues. 🙂
p
> We don't want the users to be able to do anything with their accounts

You can also disable the self-service flows for registration. I believe recovery / verification can also be disabled, however, it won't just disable the feature for end-users, but also for admins creating recovery links.
```yaml
      ## Enable User Registration ##
      #
      # If set to true will enable [User Registration](https://www.ory.sh/kratos/docs/self-service/flows/user-registration/).
      #
      # Default value: true
      #
      # Set this value using environment variables on
      # - Linux/macOS:
      #    $ export SELFSERVICE_FLOWS_REGISTRATION_ENABLED=<value>
      # - Windows Command Line (CMD):
      #    > set SELFSERVICE_FLOWS_REGISTRATION_ENABLED=<value>
      #
      enabled: false
```
`selfservice.flows.registration.enabled: false`
f
Hi there, I’m reacting to this thread because we have the same use case where we want to disable self services for users. I have been able to disable nicely recovery / verification / profile (settings) flows but looks like we can’t disable account linking even with `selfservice.methods.link.enabled` and `selfservice.methods.profile.enabled` to `false`. Am I missing another configuration? Thanks for the help you provide to the community 🙏
p
@full-truck-32091 do you mean the user shouldn't be allowed to "unlink" a linked OIDC provider or they should even be able to link an OIDC provider at all?
f
IMHO when `profile` is disabled to avoid settings updates from users (email, name, etc.) it would make sense to also disable account linking and unlinking; even better, it may be another setting.
p
but then why not disable OIDC entirely then? or do you as the admin want to control that as well?
If you think this would be a useful feature, please open an issue in Kratos so that it can be discussed there 🙂
a
Thanks @proud-plumber-24205, we disable these options. I just wanted to remove an unused portion of the configuration so that there's no unused constants there.
b
Hi, I have a similar use case where I want to disable profile changes (password, name, etc.) for end users. But I couldn't figure out how to disable that. What parameter do I have to set in the configuration? So far I tried `selfservice.flows.settings.enabled = false`, but that seems to be invalid.