https://www.ory.sh/ logo
Join Slack
Powered by
Question: If we make verify email compulsory after...
# ory-selfhosting
m
Question: If we make verify email compulsory after sign-up; seems like we have to login after verification. Can this be avoided? We would like to have the user redirected to our app after verification. Please advise.
we are using
Copy code
hook: require_verified_address
under login in our template.yaml
m
m
We wanted to have a flow where we prompt a user to verify after signup so we just did it at the UI level rather than using require_verified_address - which leads to re login required
g
yes. but the problem with this challenge is that any user who can use the kratos api can sign in via api without having to verify email. I suggest the configuration from the backend.
Copy code
If we make verify email compulsory after sign-up; seems like we have to login after verification. Can this be avoided
yes, just make sure to have the 
session
hook configured. like this.
here is the possible hook you can configure according to the jsonschema
m
awesome, thanks! Will try and let you know.
m
Hi @magnificent-energy-493 and @gray-library-49237 Thank you for the answers! I am working on this with @magnificent-oxygen-19823 . So, in the example you showed, what you advise is these two hooks, right ?
Copy code
- hook: show_verification_ui
            - hook: session
And we wouldn't need the 
hook: require_verified_address
anymore ? If still needed, in which order should we have them ? Thank you again!
Oh wait, the
Copy code
- hook: require_verified_address
is in the 
login
section, let me try this first please
Ok, so I tried what you mentioned @magnificent-energy-493 and @gray-library-49237
Copy code
login:
      after:
        hooks:
          - hook: require_verified_address
and
Copy code
registration:
      after:
          password:
              hooks:
                 - hook: show_verification_ui
                 - hook: session
And honestly we come close to what what we want, with one problem though: => At login page=> If user is not verified, they cannot log in => At registration => We show verification step + automatically log in at the end of the flow => At registration => We show verification step, but user can decide to ignore the verification step and go back to the app, and they will be logged in regardless (here, we don't want the user to be logged in if they haven't completed the verification process) Do you happen to know how we could handle that one last scenario so that the user simply is NOT logged in during registration if they haven't completed the verification process ? Thanks again!! fyi @magnificent-oxygen-19823
g
I don’t think that’s possible. Here is the possible settings for after registration
Copy code
selfServiceAfterRegistrationMethod": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "default_browser_return_url": {
          "$ref": "#/definitions/defaultReturnTo"
        },
        "hooks": {
          "type": "array",
          "items": {
            "anyOf": [
              {
                "$ref": "#/definitions/selfServiceSessionIssuerHook"
              },
              {
                "$ref": "#/definitions/selfServiceWebHook"
              },
              {
                "$ref": "#/definitions/selfServiceShowVerificationUIHook"
              },
              {
                "$ref": "#/definitions/b2bSSOHook"
              }
            ]
          },
          "uniqueItems": true,
          "additionalItems": false
        }
None relating to require verified address.
You can still try to use the webhook hook to check if the user has verified the email and stop the login. The hook can be between the show verification ui and the session hook
m
Thanks so much for the answer!! Ok, you mean, a custom web_hook hook, right ?
g
Yes.
m
Awesome, thanks, will look into that.
5 Views
Open in Slack
PreviousNext
Powered by