Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi all :wave: is there any way to validate registration flow inputs _without_ submitting the flow? We have a multi step registration UI and would ideally like to validate the inputs on each step before progressing and without submitting the final form and authenticating the user. (but still validate via Kratos etc)

You can validate each step from the client side using the Kratos schema and in the end send the form to validate with Kratos

Thanks - I think that would be ok for validating email, names, etc. but is there any way to validate the password (including the haveIBeenPwned DB check) before we submit the form?

We'd ideally like to not have to send the user back to the password step if they reach the last step and only then detect the password has been found in data breaches

I guess you are looking for <https://github.com/ory/kratos/issues/136>