Certainly! Here’s a step-by-step guide to account recovery using email in Ory Kratos: --- ### 1. Enable and Configure Account Recovery - Via Ory Console: 1. Log in to your [Ory Console](https://console.ory.sh/). 2. Select your workspace and project. 3. Go to Authentication → Account recovery. 4. Toggle "Enable account recovery" to on. 5. Choose your recovery strategy: - One-time code: Sends a code via email. - Magic link: Sends a link via email. 6. Click Save. - Via Configuration File: 1. Download your current configuration:

ory get identity-config --project <project-id> --workspace <workspace-id> --format yaml > identity-config.yaml

2. Edit the configuration to enable recovery and set the method:

yaml      selfservice:        methods:          code: # Use 'link' for magic link method            enabled: true            config:              lifespan: 15m        flows:          recovery:            enabled: true            lifespan: 1h            use: code # or 'link'            notify_unknown_recipients: false

3. Update your configuration:

ory update identity-config --project <project-id> --workspace <workspace-id> --file identity-config.yaml

[Get started: Account recovery](https://www.ory.sh/docs/identities/get-started/account-recovery) --- ### 2. Set Up Your Identity Schema Ensure your identity schema marks the email trait as a recovery address:

json {   "traits": {     "email": {       "type": "string",       "format": "email",       "<http://ory.sh/kratos|ory.sh/kratos>": {         "recovery": { "via": "email" }       }     }   } }

[Account recovery address](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset#account-recovery-address) --- ### 3. Initiate the Recovery Flow - Direct the user to the recovery page:

html   <a href="$ORY_SDK_URL/self-service/recovery/browser">Recover your account</a>

- The user enters their email address and submits the form. --- ### 4. User Receives Recovery Email - If using the code method: The user receives a one-time code via email. - If using the link method: The user receives a recovery link via email. --- ### 5. Complete the Recovery Flow - Code method: The user enters the received code on the recovery page. - Link method: The user clicks the link in their email. After successful verification, the user is prompted to set a new password and regains access to their account. --- ### 6. Example: Submitting the Recovery Flow (Code Method)

bash curl -X POST -H 'Content-Type: application/json' \     -H 'Accept: application/json' \     -d '{"method":"code","email":"<mailto:email@example.com|email@example.com>","csrf_token":"your-csrf-token"}' \     -b cookies.txt \     "https://$<http://PROJECT_SLUG.projects.oryapis.com/self-service/recovery?flow=<your-flow-id|PROJECT_SLUG.projects.oryapis.com/self-service/recovery?flow=<your-flow-id>>"

[Submit recovery flow](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#submit-recovery-flow) --- What users will see: 1. Enter email on the recovery page. 2. Receive a code or link via email. 3. Enter the code or click the link. 4. Set a new password. 5. Regain access to their account. --- If you need more details on customizing email templates or supporting multiple recovery addresses, let me know!

A message from kapa.ai

Certainly! Here’s a step-by-step guide to recover an account using email with Ory Kratos, based strictly on the official documentation: --- ### 1. Ensure Account Recovery is Enabled - In the Ory Console, go to Authentication → Account recovery and enable account recovery. - Choose your recovery strategy: - One-time code (recommended) - Magic link (legacy, not recommended) - Save your changes. Alternatively, in your configuration file, ensure the following is set:

yaml selfservice:   methods:     code: # Use 'link' for magic link method       enabled: true       config:         lifespan: 15m   flows:     recovery:       enabled: true       lifespan: 1h       use: code # or 'link'       notify_unknown_recipients: false

[Source: Get started: Account recovery](https://www.ory.sh/docs/identities/get-started/account-recovery) --- ### 2. Make Sure Your Identity Schema Supports Recovery Your identity schema should mark the email trait as a recovery address:

json {   "traits": {     "email": {       "type": "string",       "format": "email",       "<http://ory.sh/kratos|ory.sh/kratos>": {         "recovery": { "via": "email" }       }     }   } }

[Source: Account recovery address](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset#account-recovery-address) --- ### 3. User Initiates Recovery - The user visits the recovery page (e.g.,

/self-service/recovery/browser

). - They enter their email address and submit the form. --- ### 4. User Receives Recovery Email - If using the code method: The user receives a one-time code via email. - If using the link method: The user receives a recovery link via email. --- ### 5. User Completes Recovery - Code method: The user enters the received code on the recovery page. - Link method: The user clicks the link in their email. After this, the user is prompted to set a new password and regains access to their account. [Source: Account recovery and password reset](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset) --- If you need to customize the email templates or support multiple recovery addresses, refer to the relevant documentation sections. If you need more technical details (such as API calls), let me know!

New message text here

Once you have received the recovery code via email, the next step using AJAX is to submit this code to the Ory Kratos recovery flow endpoint. You should send a POST request to the same recovery endpoint, but this time include the code (and the CSRF token if required for browser flows) in the request body. Do not include the email field when submitting the code. Here’s an example of how to submit the recovery code using AJAX (fetch):

js fetch("https://$<http://PROJECT_SLUG.projects.oryapis.com/self-service/recovery?flow=<your-flow-id|PROJECT_SLUG.projects.oryapis.com/self-service/recovery?flow=<your-flow-id>>", {   method: "POST",   headers: {     "Content-Type": "application/json",     "Accept": "application/json"   },   credentials: "include", // to send cookies if needed   body: JSON.stringify({     method: "code",     code: "the-code-you-received",     csrf_token: "your-csrf-token" // required for browser flows   }) })

- Replace

<your-flow-id>

with the actual recovery flow ID. - Replace

"the-code-you-received"

with the code from the email. - Include the CSRF token if your flow requires it (browser flows). This will complete the recovery flow. If the code is valid, the user will be prompted to set a new password and regain access to their account. References: - [Submit recovery flow](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#submit-recovery-flow) - [API reference: updateRecoveryFlow request body](https://www.ory.sh/docs/kratos/reference/api#tag/frontend/operation/updateRecoveryFlow)

When you receive a response with a

continue_with

action of

"show_settings_ui"

and a

flow

object containing an

id

and a

url

, the next step is to redirect the user to the provided settings flow URL. This URL allows the user to update their account settings, such as setting a new password after a successful recovery. What to do next: - Redirect the user’s browser to the

url

provided in the

flow

object. - The user will be presented with the settings UI, where they can complete the process (e.g., set a new password). This is the standard behavior described for the

show_settings_ui

action in the Ory Kratos recovery and settings flows. The URL contains the flow ID, which is required to continue the process securely and contextually. > Indicates, that the UI flow could be continued by showing a settings ui > ...redirect the user's browser to this URL. This value is typically unset for native clients / API flows. [Ory API Reference – updateRecoveryFlow](https://www.ory.sh/docs/reference/api) So, your next step is to redirect the user to the given settings flow URL to allow them to update their settings and complete the recovery process.