< chilly king 10285> what is `group` in ui nodes and when us Ory Community #ory-copilot

<@U04UQ68083H> what is `group` in ui nodes and whe...

refined-helicopter-87799

09/03/2025, 4:46 PM

@chilly-king-10285 what is

group

in ui nodes and when used default group?

chilly-king-10285

09/03/2025, 4:46 PM

A message from kapa.ai

chilly-king-10285

09/03/2025, 4:46 PM

In Ory UI nodes, the

group

property specifies which group (such as password, OIDC, profile, etc.) the node belongs to. This grouping is used to organize UI elements based on their function or the authentication method they relate to. For example, nodes related to password authentication are in the

password

group, while those for social login might be in the

oidc

group. The

default

group is typically used for nodes that are not specific to any authentication method but are required for the form to function correctly. A common example is the CSRF token, which is usually placed in the

default

group. This allows you to filter, re-arrange, or render these nodes differently in your UI as needed. For instance, when rendering a form, you might include all nodes from the

password

group for password login, but also need to include the CSRF token from the

default

group for security reasons. Here’s an example of a hidden input node (CSRF token) in the

default

group:

Copy code

json {   "type": "input",   "group": "default",   "attributes": {     "name": "csrf_token",     "type": "hidden",     "value": "By8X7TPnn/NMtXeDpK6sbshISK3t1WnezAtlMnFA6ZPsxxNmRsG8ks7WpsHMQtTLbxtqKJOiu4aArJok6/GOSw==",     "required": true,     "disabled": false,     "node_type": "input"   },   "messages": [],   "meta": {} }

In summary, the

group

property helps you organize and render UI nodes appropriately, and the

default

group is mainly used for generic or required fields like CSRF tokens that are not tied to a specific authentication method. You may need to include nodes from the

default

group alongside method-specific groups when building your forms [Understanding UI nodes and error messages](https://www.ory.sh/docs/kratos/concepts/ui-user-interface#ui-input-nodes) [Hidden input node](https://www.ory.sh/docs/kratos/concepts/ui-user-interface#hidden-input-node).

refined-helicopter-87799

09/03/2025, 4:48 PM

Are there other input types in the default group?

refined-helicopter-87799

09/03/2025, 4:48 PM

@chilly-king-10285 Are there other input types in the default group?

chilly-king-10285

09/03/2025, 4:48 PM

A message from kapa.ai

chilly-king-10285

09/03/2025, 4:49 PM

Based on the provided knowledge sources, the most common input type found in the

default

group is the CSRF token, which is always included as a hidden input field in forms for security purposes [Hidden input node](https://www.ory.sh/docs/kratos/concepts/ui-user-interface#hidden-input-node). The documentation and examples consistently show the CSRF token as the primary (and often only) input in the

default

group. There is no explicit mention in the knowledge sources of other input types (such as text, email, password, etc.) being used in the

default

group. Other input types are typically grouped according to their function, such as

password

profile

, or

oidc

[Understanding UI nodes and error messages](https://www.ory.sh/docs/kratos/concepts/ui-user-interface#ui-input-nodes). In summary: The knowledge sources only show the CSRF token as an input in the

default

group. There is no information about other input types being used in this group.

refined-helicopter-87799

09/03/2025, 4:51 PM

@chilly-king-10285 Why I'm getting password & code inputs during creating login flow? And why email is in default group?

Copy code

[
    {
        "type": "input",
        "group": "default",
        "attributes": {
            "name": "csrf_token",
            "type": "hidden",
            "value": "x2Qnb4lTHroC/SFb/cQOjEpoim3P0C0TJfH8UPkeWCwssQ1vl2LxWNG5iQjB+VG14D/SN2nou2JDQLVGsNyr9A==",
            "required": true,
            "disabled": false,
            "node_type": "input"
        },
        "messages": [],
        "meta": {}
    },
    {
        "type": "input",
        "group": "default",
        "attributes": {
            "name": "identifier",
            "type": "text",
            "value": "",
            "required": true,
            "disabled": false,
            "node_type": "input"
        },
        "messages": [],
        "meta": {
            "label": {
                "id": 1070002,
                "text": "E-Mail",
                "type": "info",
                "context": {
                    "title": "E-Mail"
                }
            }
        }
    },
    {
        "type": "input",
        "group": "code",
        "attributes": {
            "name": "method",
            "type": "submit",
            "value": "code",
            "disabled": false,
            "node_type": "input"
        },
        "messages": [],
        "meta": {
            "label": {
                "id": 1010015,
                "text": "Send sign in code",
                "type": "info"
            }
        }
    },
    {
        "type": "input",
        "group": "password",
        "attributes": {
            "name": "password",
            "type": "password",
            "required": true,
            "autocomplete": "current-password",
            "disabled": false,
            "node_type": "input"
        },
        "messages": [],
        "meta": {
            "label": {
                "id": 1070001,
                "text": "Password",
                "type": "info"
            }
        }
    },
    {
        "type": "input",
        "group": "password",
        "attributes": {
            "name": "method",
            "type": "submit",
            "value": "password",
            "disabled": false,
            "node_type": "input"
        },
        "messages": [],
        "meta": {
            "label": {
                "id": 1010022,
                "text": "Sign in with password",
                "type": "info"
            }
        }
    }
]

chilly-king-10285

09/03/2025, 4:51 PM

A message from kapa.ai

chilly-king-10285

09/03/2025, 4:52 PM

You are seeing both password and code inputs during the login flow because your Ory Kratos configuration has both the password and code (passwordless) login methods enabled. When multiple authentication methods are enabled, the login flow will include UI nodes for each available method, allowing the user to choose how they want to authenticate (e.g., with a password or by receiving a code) [Requesting a login code returns HTTP 400](https://github.com/ory/kratos/issues/4052). Regarding why the email (identifier) input is in the

default

group: The

identifier

field (such as email or username) is placed in the

default

group because it is required by multiple authentication methods (e.g., both password and code). The

default

group is used for nodes that are not specific to a single method but are shared across methods, such as the CSRF token and the identifier input. This design allows the same identifier field to be reused for different login methods without duplication [Understanding UI nodes and error messages](https://www.ory.sh/docs/kratos/concepts/ui-user-interface#ui-node-groups). In summary: - Password & code inputs: Both are shown because both methods are enabled in your configuration. - Email in default group: The identifier is in the

default

group because it is shared by multiple authentication methods and not tied to just one. If you need to render the UI correctly, you should group and display the nodes according to their

group

property, including the

default

group fields where required by each method [Incorrect UI nodes for using OIDC and password flow together](https://github.com/ory/network/issues/143).

refined-helicopter-87799

09/03/2025, 4:54 PM

You are seeing both password and code inputs during the login flow because your Ory Kratos configuration has both the password and code (passwordless) login methods enabled.

@chilly-king-10285 if I have a few login methods how kratos knows which one was submitted?

chilly-king-10285

09/03/2025, 4:54 PM

A message from kapa.ai

chilly-king-10285

09/03/2025, 4:54 PM

Ory Kratos determines which login method was submitted by inspecting the value of the

method

field in the submitted form data. Each authentication method (such as

password

code

oidc

, etc.) has a corresponding submit button or field with the name

method

and a value set to the method's name. When the user submits the form, the value of the

method

field tells Kratos which authentication strategy to use for processing the login attempt. For example, in your UI nodes, you have:

Copy code

json {     "type": "input",     "group": "code",     "attributes": {         "name": "method",         "type": "submit",         "value": "code",         ...     } }, {     "type": "input",     "group": "password",     "attributes": {         "name": "method",         "type": "submit",         "value": "password",         ...     } }

When the user clicks "Send sign in code," the form submits with

method=code

. If they click "Sign in with password," it submits with

method=password

. Kratos uses this value to route the request to the appropriate authentication handler [Kratos API Reference - updateLoginFlow](https://raw.githubusercontent.com/ory/kratos/master/spec/api.json). This mechanism is consistent across all supported login methods, ensuring that Kratos can always identify which method the user selected during the login flow.

Open in Slack

Previous Next