I want to create the user using identity , and then send the email to user for setting their own password. how can i achieve that

You can create an identity through the API https://www.ory.sh/docs/reference/api#tag/identity/operation/createIdentity and then trigger a recovery flow for this identity, which sends them an email to “invite” and add credentials to the identity. https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset

thanks, and how about read the password from identity. we have usecase to reset password, where user can provide old password and new password

@adorable-bird-44969 AFAIS, email templates can be customised in “Customize” / “Email Configuration” module of Ory Console. See also https://www.ory.sh/docs/kratos/emails-sms/custom-email-templates However, it’s a pity that there is only a fixed set of templates – one can’t have distinct “invite” and “recover” templates because they both fall into

recovery.valid

flow. @magnificent-energy-493 am I right, or is there more flexibility there?

There is more flexibility if you are using nested templates, as described at the bottom of this doc: https://www.ory.sh/docs/kratos/emails-sms/custom-email-templates So you can set up a template that contains one for invite and recover based on some traits or metadata in the identity. What traits/metadata you use and how you add/create the identity exactly depends on your invite flow. I am looking to add an example for invites, so if you can share more details over how it should look from the end user perspective that would help with making the example realistic.

Awesome! @adorable-bird-44969 I’m sorry for hijacking your thread, but it seems we have similar use-cases. For us it would look something like this: • an administrator creates a “user” in our system • this results in an API call to ory-network/kratos to create an identity • the user gets an invitation email, follows it and completes their account setup.

no worries, we have same requirements

Hello @handsome-agency-20541 @adorable-bird-44969 I looked into it further and it got something wrong, the recovery flow does not actually send an email when triggered manually. You get back a response like so:

{
  "recovery_link": "/ui/recovery?flow=79686c66-e427-4c1b-861e-083572f97964",
  "recovery_code": "76453943",
  "expires_at": "2022-10-25T03:09:37.60684766Z"
}

This you can then pipe to an email provider to send your custom invite template. So your can configure the Ory email templates “normally” and use another provider for the invite flow. What would service would you use for the email, do you have any preferences as to how to send the email? I would include that part in the guide as well.

Heh… I have looked at examples in https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset#code-examples, specifically at “Golang (API Flow)“. This one actually makes it possible to send a recovery link, if we ignore the fact that this flow is not really intended for the backend use.

even i would prefer to keep it simple, and use ory as much as possible

That would be a HUGE inconvenience.

Yea totally understandable. AFAIK at the moment there is no option to send these manually created recovery flows using the built-in courier. We have an open issue to improve the “invite” flows: https://github.com/ory/kratos/issues/2525 including sending the email through our courier. Feel free to leave some feedback/ideas there, it helps us a lot to develop an improved solution. I can’t give out any timelines for this feature unfortunately. Should you be an Ory Network user, feel free to also create a feature request here: https://github.com/ory/network/issues.