# ory-selfhosting
We have a self-hosted Kratos installation with OIDC configured for Google. We're seeing Kratos send verification emails on initial registration even when we try to carry over the email verification status from Google.
Kratos config for registration:
flows:
          registration:
            enable_legacy_one_step: true
            ui_url: ...
            lifespan: 1h
            after:
              hooks:
                - hook: web_hook
                  config:
              oidc:
                hooks:
                  - hook: web_hook
                    config: ...
                  - hook: session
google_mapper.jsonnet
local claims = {
    email_verified: false,
} + std.extVar('claims');
{
    identity: {
        traits: {
            'firstName': if 'given_name' in claims then claims.given_name else "",
            'lastName': if 'family_name' in claims then claims.family_name else "",
            [if "email" in claims then "email" else null]: std.asciiLower(claims.email),
            [if 'phone_number' in claims && claims.phone_number_verified then 'phone_number' else null]: claims.phone_number,
            'organization': if 'hd' in claims then claims.hd else ""
        },
    },
    verified_addresses: std.prune([
        // Carry over verified status from Social Sign-In provider.
        if 'email' in claims && claims.email_verified then { via: 'email', value: std.asciiLower(claims.email) },
    ]),
}
We've attempted to debug the issue and see that the identity gets persisted with verifiable addresses containing unverified values:
"verifiable_addresses": [
    {
        "via": "email",
        "value": "john@gmail.com",
        "verified": false,
        "status": "pending"
    }
]
The input claims from the mapper have verified addresses:
"mapper_jsonnet_output":"{
   "identity": {
      "traits": {
         "email": "john@gmail.com",
         "firstName": "John",
         "lastName": "Doe",
         "organization": ""
      }
   },
   "verified_addresses": [
      {
         "value": "john@gmail.com",
         "via": "email"
      }
   ]
}
Solved! Looks like verified_addresses needed to be under the identity object.
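The fix described in the last message, as an added example that is not part of the original post: the same mapper with `verified_addresses` moved inside `identity`, so the verified status is attached to the identity rather than left as a top-level key. The `email` local and the `phone_number_verified` default are additions assumed for this example.

```jsonnet
// google_mapper.jsonnet, corrected placement (added example, not the poster's file).
local claims = {
  // Defaults: a claim the provider omits is treated as "not verified".
  email_verified: false,
  // Assumption for this example: default added so the phone_number check
  // below cannot fail on a missing phone_number_verified claim.
  phone_number_verified: false,
} + std.extVar('claims');

// Normalise once so the trait and the verified address always carry the same value.
local email = if 'email' in claims then std.asciiLower(claims.email) else null;

{
  identity: {
    traits: {
      firstName: if 'given_name' in claims then claims.given_name else '',
      lastName: if 'family_name' in claims then claims.family_name else '',
      // A null field name omits the field entirely.
      [if email != null then 'email' else null]: email,
      [if 'phone_number' in claims && claims.phone_number_verified then 'phone_number' else null]: claims.phone_number,
      organization: if 'hd' in claims then claims.hd else '',
    },
    // Inside `identity`, not next to it. Only carry the status over when the
    // provider asserts email_verified; otherwise std.prune leaves an empty list
    // and the address goes through the normal verification flow.
    verified_addresses: std.prune([
      if email != null && claims.email_verified then { via: 'email', value: email },
    ]),
  },
}
```

When checking the mapper output in the logs, `verified_addresses` should now appear nested under `identity` alongside `traits`, unlike the `mapper_jsonnet_output` shown above.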