Unable to get verification flow id after registration when using code method. #2975
Comments
Facing the same issue. |
Assigning jonas, he is however on vacation until the new year |
Hi all! Sorry for the confusion on this topic, and thanks for your reports. In truth, this feature is not completely done, and so the current "ergonomics" of the flow are not perfect. The ultimate goal is to show the form right after the registration is done, the verification flow is created, and the code is sent to the user. However, there currently are multiple issues with this idea, preventing us from shipping this straight away:
|
It would also be great if the SDKs could return the ID of the verification flow with the JSON response, after the registration or settings flow was successful, so that an app can redirect the user to the correct flow. |
I have another use-case. I want to make verification with code part of the registration flow, and make a smooth UX with AJAX requests. It would be possible if I could disable auto-sending the code at registration via the Kratos config, and initiate the verification flow from the frontend. But when the customer receives the code by email, I just don't have the id and csrf_token for the verification flow on the registration page. So the user just needs to click the link. And I can't create a new verification flow and send a second email - that is bad UX - which code should the user use? Also, in such a case there is no difference from a magic link. I have the code in query parameters, the email is not needed (it is already in the flow), and the csrf_token I can get by an AJAX GET of the verification flow - I can just make an AJAX POST request and show that all is done. |
@Akkarine +1 |
We're prioritizing this issue. If you're encountering this problem, for now fall back to magic links :) @jonas-jonas would it not be possible to add the link URL for the code with the flow ID (similar to magic links) to the email template? |
Can we send the current active verification flow id inside the session object? E.g. -
SORRY for bad syntax |
My first thought was, that we can use the new page/state transition (error) schema here (see #2884). However, it's quite hard to figure out when to actually respond with that response, as not everyone wants to show the verification flow directly after the registration flow. This makes the API pretty weird and quite unpredictable, IMO. Kratos also supports multiple verifiable addresses, and picking which flow to redirect to here is also non-trivial, further adding to the complexity of the API. Which leaves @maipal-oscoy's proposal, which could work, as the implementor of the UI probably knows which verifiable address to use, as they control the schema. However, from an API consumer standpoint, I don't think returning a list of flows is optimal here. Which flow do you pick here? IMO, we should just return a single

    "id": "3d34d7e6-c7ca-436f-8f83-85f2e5274d03",
    ...
    "verifiable_addresses": [
      {
        "id": "fea22b48-a8ff-4cb7-878e-cdf7acd8485d",
        "value": "foo@ory.sh",
        "verified": false,
        "via": "email",
        "status": "sent",
        "created_at": "2023-03-03T18:28:52.874827+01:00",
        "updated_at": "2023-03-03T18:28:52.874827+01:00",
        "verification_flow_id": "7de0fe6f-781a-412f-8fa8-6c4ee584be0d"
      }
    ],
    ...

Now, the dev implementing a UI, can choose to show the verification UI, or ignore it and let the user click on the link in the email. We should probably add a check, that removes the ID if the flow expired. Alternatively, we can keep the ID and if the flow expired, but is fetched, re-issue a new verification flow (the current behavior). LMKWYT, and if I missed anything. |
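One way a UI could consume the response shape proposed in the comment above, as an added example that is not Kratos or SDK code. It assumes the proposed `verification_flow_id` field exists on each verifiable address; `nextVerificationStep` and the second sample address are hypothetical.

```javascript
// Constructed sample modelled on the JSON in the comment above, plus a second
// address without a flow ID (the case where the proposal removes an expired ID).
const sampleIdentity = {
  id: "3d34d7e6-c7ca-436f-8f83-85f2e5274d03",
  verifiable_addresses: [
    { value: "foo@ory.sh", verified: false, via: "email", status: "sent",
      verification_flow_id: "7de0fe6f-781a-412f-8fa8-6c4ee584be0d" },
    { value: "bar@example.com", verified: false, via: "email", status: "sent" },
  ],
};

// Flow IDs on the page are UUIDs; anything else is not placed into a request.
const UUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

// Decide what the UI does for one address the app chose from its own schema.
function nextVerificationStep(identity, address) {
  const wanted = String(address).trim().toLowerCase();
  const entry = (identity.verifiable_addresses || []).find(
    (a) => typeof a.value === "string" && a.value.toLowerCase() === wanted
  );
  if (!entry) return { action: "none", reason: "address not on identity" };
  if (entry.verified === true) return { action: "none", reason: "already verified" };

  const flowId = entry.verification_flow_id;
  // Missing or malformed ID: treat the flow as gone and start a fresh one
  // instead of interpolating an unchecked value into a URL.
  if (typeof flowId !== "string" || !UUID.test(flowId)) {
    return { action: "create_flow", email: entry.value };
  }
  // A usable ID: show the code form bound to the flow that sent the email.
  return { action: "show_code_form", flow: flowId, email: entry.value };
}
```
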
Thanks @jonas-jonas, I thought verification link/code usually takes 10-15 minutes to expire. However we can customize verification flow expiration time but it doesn't make sense if code/link expires before flow. That's why I thought we will have a few active flows. And sending them in an array will not be a big deal. But sending a single latest active flow will work for me. |
Another flexibility will be to create a new route that will allow us to fetch all current active flows for a particular user. So we will fetch the flow ourselves. There are a few suggestions from my side.
Correct me if I am wrong. Because I don't know too much about security. Take it as feedback from a user. That's all |
Please don't overthink about it. Just give us verification flow id in registration response or provide option to disable auto-creation verification flow at registration. |
Preflight checklist
Describe the bug
Greetings,
We are using ory Kratos (v.0.11.0) with the FrontendApi in our React Native app. We were previously using link as verification method and now we have migrated to code. And after calling the updateRegistrationFlow function, the verification code is sent automatically, without us creating a Native Verification Flow manually by calling createNativeVerificationFlow. Hence, since we don't know the id of the verification flow which was just created, we can't really call the updateVerificationFlow function when the code is entered. We tried to use the id from the Registration flow, thinking that since it creates the Verification Flow the id's might be the same. But obviously that was not the case.
Here the question is, how to access the id of the Verification flow so that we can call the update function and do the verification?
In the relevant fields of kratos.yml we have :
We call the registration flow as follows:
With kratosApi being
When we call the flow like this, we do get an email with the code inside to the email address that's specified in the traits.email field. Alongside, we also get the id of the verification flow which was created by the registration flow. But we need to get the id in the code somehow in order to use it in verification for the flow field which can be seen in the next code block.
And finally, we are trying to get the verification as follows:
Thank you and best regards,
Reproducing the bug
Adding kratos v0.11.0 to the application and specifying the kratos version in docker-compose.yml & kube-kratos-values.yml
Enabling and adding code as verification method in kratos.yml
Creating a Native Registration flow with FrontendApi and updating the flow with the account parameters needed.
The verification flow will have been automatically created, mail will be sent to the email address stated in traits with the id, but the id of verification flow is unreachable to the code to call updateVerificationFlow with it.
Relevant log output
No response
Relevant configuration
No response
Version
0.11.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Docker Compose
Additional Context
No response