Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi all, does anyone know if `recovery` via phone is supported for an identity schema that uses phone (only) as a `username` with no registered email? It appears that a recovery URL can be generated through the API (and possibly sent manually by SMS), but the visiting the URL - at least through the demo code in selfservice-ui-node - seems to throw a 500 if an email is not provided for the identity. Our requirements include admin based API registration for identities and would ideally be able to send verification to the registered phone number, and allow users to reset their passwords through recovery (using the same phone number).