https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H> Hi everyone, I’m experiencing an i...
# ory-copilot
s
@chilly-king-10285 Hi everyone, I’m experiencing an issue when trying to set the recovery flow for the phone number field via 
"sms"
. It throws an error stating that only 
"email"
is a valid enum value, which doesn’t seem correct. Could you please take a look and share your suggestions on what might be causing this? Thanks in advance! Error:
Copy code
kratos                   | I[#] S[#/allOf/1] allOf failed
kratos                   |   I[#/properties/traits/properties/phone_number] S[#/allOf/1/properties/properties/properties/traits/properties/properties/patternProperties/.%2A/allOf/0] allOf failed             
kratos                   |     I[#/properties/traits/properties/phone_number] S[#/allOf/1/properties/properties/properties/traits/properties/properties/patternProperties/.%2A/allOf/0/$ref] doesn't validate with "<ory://identity-extension#>"                                                                                                                                                                                
kratos                   |       I[#/properties/traits/properties/phone_number] S[#/allOf/0] allOf failed
kratos                   |         I[#/properties/traits/properties/phone_number/ory.sh~1kratos/recovery/via] S[#/allOf/0/properties/ory.sh~1kratos/properties/recovery/properties/via/enum] value must be "email"
Schema:
Copy code
{
  "$schema": "<http://json-schema.org/draft-07/schema#>",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "first_name": {
          "type": "string",
          "title": "First Name",
          "minLength": 1,
          "maxLength": 64,
          "pattern": "^[a-zA-Z]+$"
        },
        "last_name": {
          "type": "string",
          "title": "Last Name",
          "minLength": 1,
          "maxLength": 64,
          "pattern": "^[a-zA-Z]+$"
        },
        "email": {
          "type": [
            "string",
            "null"
          ],
          "format": "email",
          "title": "Email Address",
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "credentials": {
              "password": {
                "identifier": true
              },
              "webauthn": {
                "identifier": true
              },
              "totp": {
                "account_name": true
              },
              "code": {
                "identifier": true,
                "via": "email"
              },
              "passkey": {
                "display_name": true
              }
            },
            "recovery": {
              "via": "email"
            },
            "verification": {
              "via": "email"
            }
          },
          "maxLength": 320
        },
        "phone_number": {
          "type": [
            "string",
            "null"
          ],
          "format": "tel",
          "title": "Phone Number",
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "credentials": {
              "password": {
                "identifier": true
              },
              "webauthn": {
                "identifier": true
              },
              "totp": {
                "account_name": true
              },
              "code": {
                "identifier": true,
                "via": "sms"
              },
              "passkey": {
                "display_name": true
              }
            },
            "recovery": {
              "via": "sms"
            },
            "verification": {
              "via": "sms"
            }
          }
        },
        "avatar": {
          "type": [
            "string",
            "null"
          ],
          "title": "Avatar URL",
          "maxLength": 2048,
          "readOnly": true
        },
        "type": {
          "type": "string",
          "title": "Type",
          "default": "professional",
          "enum": [
            "client",
            "professional"
          ]
        }
      },
      "required": [
        "first_name",
        "last_name",
        "type"
      ],
      "anyOf": [
        {
          "required": [
            "email"
          ]
        },
        {
          "required": [
            "phone_number"
          ]
        }
      ],
      "additionalProperties": false
    }
  }
}
Config will be attached in next message due to limits.
b
A message from kapa.ai
Your issue is caused by a current limitation in Ory Kratos: the identity schema does not support 
"recovery": { "via": "sms" }
for phone numbers. Only 
"email"
is accepted as a valid value for the recovery method in the schema. This is confirmed by both the error message and community reports: > The configuration contains values or keys which are invalid: > properties.traits.properties.phone_number.ory\.sh/kratos.recovery.via: sms > ^-- value must be "email" This is a known limitation in Ory Kratos. Even though the documentation in some places suggests that SMS recovery is possible, the actual schema validation only allows 
"email"
for the 
recovery.via
field. Attempts to use 
"sms"
will result in the error you are seeing. This is also discussed in the official GitHub issues, where users and maintainers confirm that recovery via SMS is not yet supported in the schema, and the documentation may be misleading on this point. Removing 
"recovery": { "via": "sms" }
from your schema will resolve the error, but you will not be able to use SMS for account recovery at this time [[Github Issue: Setting up identity schema with "Recovery via SMS" throwing error](https://github.com/ory/kratos/issues/4262)]. Summary: - Only 
"email"
is supported for 
recovery.via
in the identity schema. - 
"sms"
is not currently supported and will cause a schema validation error. - This is a known limitation and is being discussed by the Ory team and community. If you need SMS-based recovery, you will need to wait for official support or consider alternative flows (such as using login with code via SMS, which does not use the recovery flow) [[Github Issue: Setting up identity schema with "Recovery via SMS" throwing error](https://github.com/ory/kratos/issues/4262)]. If you have further questions or need a workaround, let me know!
s
@chilly-king-10285 check this official doc: https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset schema shown on website:
Copy code
{
  "$id": "<https://example.com/registration.schema.json>",
  "$schema": "<http://json-schema.org/draft-07/schema#>",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "title": "Email",
          "type": "string",
          "format": "email",
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "credentials": {
              "password": {
                "identifier": true
              },
              "code": {
                "identifier": true,
                "via": "email"
              }
            },
            "recovery": {
              "via": "email"
            }
          }
        },
        "telephoneNumber": {
          "type": "string",
          "format": "tel",
          "title": "Telephone Number",
          "minLength": 3,
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "credentials": {
              "password": {
                "identifier": true
              },
              "code": {
                "identifier": true,
                "via": "sms"
              }
            },
            "verification": {
              "via": "sms"
            },
            "recovery": {
              "via": "sms"
            }
          }
        }
      },
      "required": [
        "email"
      ],
      "additionalProperties": false
    }
  }
}
you still sure that it is not supported?
b
A message from kapa.ai
Thank you for pointing out the schema example from the official documentation. According to the [Ory Kratos documentation on account recovery and password reset](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset#account-recovery-address), the schema example does indeed show 
"recovery": { "via": "sms" }
for a phone number field:
Copy code
json "telephoneNumber": {   "type": "string",   "format": "tel",   "title": "Telephone Number",   "minLength": 3,   "<http://ory.sh/kratos|ory.sh/kratos>": {     "credentials": {       "password": {         "identifier": true       },       "code": {         "identifier": true,         "via": "sms"       }     },     "verification": {       "via": "sms"     },     "recovery": {       "via": "sms"     }   } }
However, based on the knowledge sources provided—including user reports and GitHub issues—**this configuration is not currently supported in Ory Kratos open source**. When you attempt to use 
"recovery": { "via": "sms" }
in your schema, Kratos throws a validation error stating that only 
"email"
is a valid value for the 
recovery.via
field. This is confirmed by multiple users and maintainers in [GitHub Issue #4262](https://github.com/ory/kratos/issues/4262), where it is explained that the schema validator only accepts 
"email"
for recovery, and 
"sms"
is not yet supported. So, while the documentation shows this as an example, the actual implementation in the current open-source version of Ory Kratos does not support recovery via SMS. This discrepancy between the documentation and the product's current capabilities has been noted by the community and is a source of confusion. In summary: - The official docs show 
"recovery": { "via": "sms" }
as an example. - The current open-source implementation does not support this and will throw a validation error. - Only 
"email"
is accepted for 
recovery.via
in the schema at this time [GitHub Issue #4262](https://github.com/ory/kratos/issues/4262). If you need SMS-based recovery, you will need to wait for official support or use alternative flows, such as login with code via SMS, which does not use the recovery flow.
s
@chilly-king-10285 so if it is not supported yet, what should I do in my app? what will happen if user try recovery flow with phone number, what if user only have phone number set in identity? that means that account cannot be recovered or what?
b
A message from kapa.ai
Based on the current state of Ory Kratos as described in the knowledge sources, recovery via SMS is not supported in the open-source version. The schema validator only accepts 
"email"
for the 
recovery.via
field. If you try to configure recovery via SMS, Kratos will throw a validation error and will not start with that schema [Github Issue: Setting up identity schema with "Recovery via SMS" throwing error](https://github.com/ory/kratos/issues/4262). ### What happens if a user tries to recover with a phone number? - If the user only has a phone number set in their identity and no email address: The account cannot be recovered using the standard recovery flow, because Kratos will not recognize the phone number as a valid recovery address. The recovery flow will not complete, and no recovery code will be sent via SMS. The UI will not indicate whether the address is valid or not, to prevent account enumeration, but the user will not be able to recover their account [What happens if the address provided by the user is 'wrong'?](https://www.ory.sh/docs/identities/get-started/account-recovery#what-happens-if-the-address-provided-by-the-user-is-wrong). - If the user has both email and phone number: Only the email address will be used for recovery, as only 
"email"
is supported for the recovery flow. ### What should you do in your app? - Require users to set an email address as a recovery address in addition to (or instead of) a phone number. - Do not rely on SMS-based recovery until official support is available. - If your use case requires phone-only users, you may need to implement a custom recovery process outside of Kratos, or use the "login with code" flow via SMS, which can mark the phone number as verified but is not a true recovery flow [Cannot Verify Phone](https://github.com/ory/network/issues/406). Summary: If a user only has a phone number, their account cannot be recovered using the built-in recovery flow. You should require an email address for account recovery until SMS recovery is officially supported.
s
@chilly-king-10285 what happens if I do recovery via email on phone number field?
b
A message from kapa.ai
If you configure the phone number field in your identity schema to use 
"recovery": { "via": "email" }
, Ory Kratos will attempt to send the recovery message to the value stored in the phone number field, but it will treat it as an email address. This means: - If the value in the phone number field is not a valid email address, the recovery flow will fail because the system will try to send an email to an invalid address. - If, by coincidence, the phone number field contains a valid email address, the recovery email will be sent there. This approach is not intended or supported for phone numbers, and will not result in SMS-based recovery. The system does not convert or route recovery messages to SMS if the field is configured with `"via": "email"`—it simply uses the value as an email address [What happens if the address provided by the user is 'wrong'?](https://www.ory.sh/docs/identities/get-started/account-recovery#what-happens-if-the-address-provided-by-the-user-is-wrong). In summary: Configuring recovery via email on a phone number field will not work for SMS, and will only succeed if the phone number field contains a valid email address. Otherwise, the recovery flow will fail.
7 Views
Open in Slack
PreviousNext
Powered by