Verify email through admin endpoints
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [X] I have joined the Ory Community Slack.
- [X] I am signed up to the Ory Security Patch Newsletter.
Describe your problem
At the moment we are trying to invite a user to our platform using the recovery method described here: https://github.com/ory/kratos/discussions/1342
This process requires them to access their emails for the invitation where they will then be redirected to create a password. I feel like this is sufficient enough for showing that they are verified.
So with that being said it would be nice to have an admin endpoint to manually update their verified status to true. We could hijack the admin identity update endpoint to do this. The create endpoint allows you to specify a verified email but that requires an id which can't be obtained because the email hasn't been registered in our system.
Describe your ideal solution
When creating/updating an identity through the admin endpoints we should be able to set a verified email address.
Workarounds or alternatives
Manually access the kratos database
Version
v0.9.0-alpha.3
Additional Context
No response
I'm looking into the same issue. The email in question is implicitly verified when the user completes the recovery flow triggered by the link in the mail. Shouldn't Kratos automatically treat this as verified and update the verified status?
Sometimes recovery and verification addresses are different, so we can't necessarily automatically update it for both :)
ok I see, and the token in the recovery is not connected to one specific address?
I wanted to say that you can have a verified address ([email protected]) and a recovery address ([email protected]) which are not the same. But then I thought that it would probably be possible to verify the address when you're recovering an address that is equal to it.
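The rule discussed in the comments above (mark an address verified only when the recovery went through that same address) can be sketched as follows. This is an added example, not part of the thread and not Kratos code: the function name, the sample identity and the case-insensitive comparison are assumptions, and the field names are modeled on the `verifiable_addresses` / `recovery_addresses` arrays of a Kratos identity document.

```python
import copy
from datetime import datetime, timezone

# Constructed sample identity; all values are made up for this example.
SAMPLE_IDENTITY = {
    "id": "00000000-0000-0000-0000-000000000001",
    "verifiable_addresses": [
        {"value": "invitee@example.com", "via": "email", "verified": False, "status": "pending"},
        {"value": "billing@example.org", "via": "email", "verified": False, "status": "pending"},
    ],
    "recovery_addresses": [
        {"value": "invitee@example.com", "via": "email"},
        {"value": "backup@example.net", "via": "email"},
    ],
}


def _key(addr):
    # Assumption: addresses compare case-insensitively after trimming whitespace.
    return (addr["via"], addr["value"].strip().lower())


def verify_after_recovery(identity, via, value, now=None):
    """Return (copy of identity, newly verified values) after a completed recovery.

    Only a verifiable address equal to the address the recovery link was sent to
    is marked verified; every other verifiable address is left untouched.
    """
    used = _key({"via": via, "value": value})
    if used not in {_key(a) for a in identity.get("recovery_addresses", [])}:
        raise ValueError("not a recovery address of this identity")
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    updated = copy.deepcopy(identity)
    changed = []
    for addr in updated.get("verifiable_addresses", []):
        if _key(addr) == used and not addr["verified"]:
            addr.update(verified=True, status="completed", verified_at=stamp)
            changed.append(addr["value"])
    return updated, changed


if __name__ == "__main__":
    _, newly_verified = verify_after_recovery(SAMPLE_IDENTITY, "email", "Invitee@Example.com")
    print(newly_verified)
```

Recovering through `backup@example.net` in this sample verifies nothing, because that address is not one of the identity's verifiable addresses.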
I am also seeking this feature. My use case is when dealing with e2e tests, as it would be great to have a simple admin endpoint for verifying created users as a part of the test flow so that it does not fail from the require_verified_address hook.
Just wanted to flag that this is also a thing we'd get value from, in case additional voices might help guide prioritization.
This would be helpful since we upgraded to Ory Kratos v0.11+ because of the expanded Admin APIs. We've been able to implement a better Invite System but we have to create Identities with "verified" : true right now. While the invited user cannot log in, they do have the means to initiate a recovery flow.
In lieu of making this part of the whole User Invites Flow (#2525), would it be possible just to get this endpoint in a minor update?
POST /admin/verification identity_id: {id} identifier: {id}
https://github.com/ory/kratos/pull/3059 introduces this feature for webhooks, so this is now possible in the business logic and probably quite easy to expand to the admin api!