Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi everyone,
I was looking into having customized labels returned from Kratos APIs for fields like password or even the submit button itself, but after quickly looking trough the source code and asking the AI bot, it looks like they are hard-coded values. Now at this point mine is more a proposal, why do we have the CSRF token only inside the ui nodes if the UI system is really limited in terms of customization?

You can build a fully custom UI: <https://www.ory.sh/docs/getting-started/custom-ui>
Including customizing all messages, as they have fixed IDs and context for templating: <https://www.ory.sh/docs/kratos/concepts/ui-messages>
Not sure what your problem with the csrf token is, but you can read up on the most common problems here: <https://www.ory.sh/docs/troubleshooting/csrf>

Got it, I wasn’t aware about those IDs. Thanks