To implement "forgot password" (account recovery) via email in self-hosted Ory Kratos, follow these steps: 1. Configure the Identity Schema for Recovery via Email Ensure your identity schema includes an email trait and specifies recovery via email. For example:

json    {      "$id": "<https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json>",      "$schema": "<http://json-schema.org/draft-07/schema#>",      "title": "Person",      "type": "object",      "properties": {        "traits": {          "type": "object",          "properties": {            "email": {              "type": "string",              "format": "email",              "<http://ory.sh/kratos|ory.sh/kratos>": {                "recovery": {                  "via": "email"                }              }            }          }        }      }    }

[Account activation and email verification settings](https://www.ory.sh/docs/kratos/self-hosted/account-activation-email-verification) 2. Enable and Configure the Recovery Flow In your Kratos configuration file, enable the recovery flow and set the UI URL:

yaml    selfservice:      flows:        recovery:          enabled: true          ui_url: <http://127.0.0.1:4455/recovery>

[Account recovery and password reset](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset) 3. Set Up SMTP for Email Delivery Configure the SMTP settings so Kratos can send emails:

yaml    courier:      smtp:        connection_uri: <smtps://username:password@smtp-server:1234/>

[Account activation and email verification settings](https://www.ory.sh/docs/kratos/self-hosted/account-activation-email-verification) 4. (Optional) Customize Email Templates You can use the default email templates or provide your own for branding and localization. For self-hosted Kratos, you can override templates using file, HTTP, or base64 URIs. Example:

yaml    courier:      template_override_path: /conf/courier-template      templates:        recovery:          valid:            email:              body:                html: file:///conf/courier-template/recovery/valid/email.body.gotmpl                plaintext: file:///conf/courier-template/recovery/valid/email.body.gotmpl              subject: file:///conf/courier-template/recovery/valid/email.subject.gotmpl

[Email templates in self-hosted Ory Kratos](https://www.ory.sh/docs/kratos/self-hosted/mail-courier-templates) 5. User Flow - The user clicks "Forgot Password" and enters their email. - Kratos sends a recovery email (either with a code or a link, depending on your configuration). - The user follows the instructions in the email to reset their password. Note: Ory recommends using the "one-time code" (

code

) method for recovery, as it is more robust than "magic links" (

link

). You can configure which method to use in your Kratos configuration. [Account recovery and password reset](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset) For more details and advanced configuration, refer to the [Account Recovery Documentation](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset).