kratos
Start verification flow when updating verifiable address via API (or send or generate verification link via API)
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [X] I have joined the Ory Community Slack.
- [X] I am signed up to the Ory Security Patch Newsletter.
Describe your problem
I implemented an email update flow based on one primary_email trait and one secondary_emails trait (as described in https://github.com/ory/kratos/discussions/2501). I'm hiding those traits from the UI during the settings flow. These traits can only be updated via a custom UI that uses the Kratos API to update the identity.
Now the problem is that both the primary email and the secondary emails are verifiable, but when I update the secondary_emails trait via the Kratos API, no verification flow is initiated.
Describe your ideal solution
If a verifiable address is changed in the settings flow, a verification mail is automatically sent to the new address. Ideally, I would expect this to happen when I update the value via the API as well.
Workarounds or alternatives
Alternatively, there could be an API endpoint to trigger the verification flow for the given identity ID and address.
Another less convenient option would be to add another endpoint for just creating a verification link that I can send to the user in my Kratos client application (analogous to the POST /admin/recovery/link endpoint).
Right now, the only option is to redirect the user to the verification form and ask them to submit the form, which is certainly less than ideal from a UX perspective.
Version
0.10.1
Additional Context
No response
There are two things for this:
- Managing a user as an admin probably does, in most cases, warrant triggering the verification flow
- Importing users in most cases won't warrant this email
So I think this has to be optionally enabled, maybe similar to the recovery admin flow.
For reference: #595
Hello contributors!
I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue
- open a PR referencing and resolving the issue;
- leave a comment on it and discuss ideas on how you could contribute towards resolving it;
- leave a comment and describe in detail why this issue is critical for your use case;
- open a new issue with updated details and a plan for resolving the issue.
Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.
Unfortunately, burnout has become a topic of concern amongst open-source projects.
It can lead to severe personal and health issues as well as opening catastrophic attack vectors.
The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.
If this issue was marked as stale erroneously you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.
Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
Thank you 🙏✌️