Hi all!
I'm new here so I'm not sure I'm posting t...
# talk-kratosb
bulky-boots-25191
12/18/2022, 7:08 AMHi all!
I'm new here so I'm not sure I'm posting this to a right channel.
We use password-based authentication in our app and recently migrated from magic links to code-based email verification. In theory, that could allow for better UX, e.g.
1. Right after the registration, the code input is presented to a user
2. Assuming the user was signing up from a PC, he could input the code found in the notifications on the mobile (without even having to click the link in the email).
This kind of UX, however, requires that the client knows the verification flow id that was created during the registration. My question here is whether this flow ID is exposed in some of the calls, I can't find any info on that.
If not, does this story look legit though? Should I submit a feature request on Github then?
m
magnificent-energy-493
12/19/2022, 9:33 AM
Hello @bulky-boots-25191, story looks legit! and you got the right channel as well 🎉
This kind of UX, however, requires that the client knows the verification flow id that was created during the registrationSorry for the dumb question, but why? Would it not work like this: 1. user signs up 2. verification flow started, user gets redirected to “input code” screen 3. user receives code on their mobile/email whatever 4. user inputs code 5. 🎉 Maybe it is a bit early for me 😄
b
bulky-boots-25191
12/19/2022, 9:58 AMBecause to draw the code input and to be able to submit the code the client must know the verification flow id.
What you described is exactly how it should work except for 2: verification flow is not initialized by the client but rather started by Kratos as a part of the registration flow.
The only way to input the code from the email is to actually click the link that has the flow id in it. Without the link, the code that a user receives after the registration is unusable.
A solution could be to attach the verification flow id to the registration redirect url.
c
colossal-airline-19852
12/19/2022, 11:54 AMThis is exact same issue we are also having, we want to render the input box that can take the verification code that was sent as part of the successful registration flow.
but currently that verification flow id is not exposed as part of successful registration flow.
PS: If you trigger the new verification flow after the successful registration that will trigger the new email which confuses the user
m
magnificent-energy-493
12/19/2022, 2:38 PM
Hello @bulky-boots-25191 & @colossal-airline-19852
I was able to clarify this.
Currently there is no easy way to get the flow ID except clicking the link in the email.
The longer term goal is to let Kratos handle all of this.
We can show the verification code input right after registration,
we do have a working POC for this, but thats not yet done.
If you could open a feature request at the ory/kratos repo, that would help us to keep track of demand for this, thanks!
https://github.com/ory/kratos/issues/new?assignees=&labels=feat&template=FEATURE-REQUEST.yml
c
colossal-airline-19852
12/19/2022, 3:03 PMThanks @magnificent-energy-493,
Yes, will create the feature request, however, I am curios to know If there is a way/config to stop the verification email being sent as part of the successful registration?
m
magnificent-energy-493
12/19/2022, 4:19 PM
Do you want to disable verification completely or just not send the verification email as part of the registration?
How does verification work in your use case?
c
colossal-airline-19852
12/19/2022, 4:22 PMJust not to send the verification email as part of the registration.
m
magnificent-energy-493
12/19/2022, 4:27 PM
Hmm I am actually not sure if this is possible out of the box.
How are you running Kratos? on your own infra or in Ory Network?
c
colossal-airline-19852
12/19/2022, 4:28 PMCurrently running on our own
colossal-airline-19852
12/19/2022, 5:42 PMTrying to figure out a work around, so the idea here is,
We can initiate the verification flow immediately after the successful registration to solve problem of presenting the verification input box,
but the problem will be, 2 emails being sent to the user
1. as part of the successful registration flow
2. as part of the new verification flow triggering after the registration.
this will confuse the user and not a good user experience since there will be 2 emails, the user entering a wrong verification code is high.
So if we can prevent the verification email being sent as part of 1 (successful registration). There will be only one verification email goes to the user as part of 2 (new verification flow after registration).
So if there is a way to not send the verification email as part of the registration(1) then it would solve the problem of presenting the verification code input box by initiating the verification flow after successful registration.
any thoughts @magnificent-energy-493?
fyi: @bulky-boots-25191
m
magnificent-energy-493
12/19/2022, 9:36 PM
Hey @colossal-airline-19852
I agree 2 emails in this case is not ideal.
I am not sure where the best place to tweak this would be, I am also not sure how the email is triggered exactly in the sign up flow.
Maybe you can look into the code a bit and find out where the best place to solve this would be.
https://github.com/ory/kratos/tree/master/courier
this issue might also be relevant to you https://github.com/ory/kratos/issues/1835
this is probably also interesting
https://github.com/ory/kratos/pull/2585
2 Views