acoustic-shampoo-32095
12/01/2024, 2:59 AMbrief-egg-61061
12/01/2024, 2:59 AMbrief-egg-61061
12/01/2024, 2:59 AM/self-service/verification/browser
endpoint, and for native applications, the /self-service/verification/api
endpoint [Docs > Kratos > Bring-your-own-ui > Integration basics > Verification flow](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#verification-flow). It's important to note that the exact implementation of a multi-step registration process with preliminary email checks is not directly covered in the provided knowledge sources. You would need to combine Ory's verification capabilities with your own custom logic to achieve this specific workflow. For the most up-to-date and detailed information, I recommend consulting the official Ory documentation or reaching out to Ory support for guidance on implementing this specific use case.acoustic-shampoo-32095
12/01/2024, 3:01 AMbrief-egg-61061
12/01/2024, 3:01 AMbrief-egg-61061
12/01/2024, 3:02 AM{
"id": 4000007,
"text": "An account with the same identifier (email, phone, username, ...) exists already.",
"type": "error",
"context": {}
}
3. Implementing a pre-check for email existence could potentially expose your system to account enumeration vulnerabilities. Ory's design seems to intentionally avoid this [Github Issue: Configurable Account Enumeration protection in Account Experience](https://github.com/ory/network/issues/229). 4. If you still want to implement this check, you would need to create a custom solution in your application layer, before interacting with Ory's registration flow. However, this approach is not recommended from a security perspective. 5. Instead of checking email existence upfront, a more secure approach would be to handle the registration attempt and then provide appropriate feedback to the user based on the response from Ory. This way, you maintain security while still guiding the user through the registration process. Remember, the recommended practice is to avoid exposing whether an email exists in your system before the actual registration attempt, as this helps protect against potential security threats.