Setting up Account Recovery and Password Reset
To set up account recovery, your Identity Schema must have an email in its traits, and you must add
{
  "ory.sh/kratos": {
    "recovery": {
      "via": "email"
    }
  }
}
to it, for example:
 {
   "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
   "$schema": "http://json-schema.org/draft-07/schema#",
   "title": "Person",
   "type": "object",
   "properties": {
     "traits": {
       "type": "object",
       "properties": {
         "email": {
           "type": "string",
           "format": "email",
           "title": "E-Mail",
           "minLength": 3,
+          "ory.sh/kratos": {
+            "recovery": {
+              "via": "email"
+            }
+          }
         }
       }
     }
   }
 }
Account recovery supports sending out a recovery link to an email address. For
this to work, you must have the courier SMTP connection configured in your Ory
Kratos Config File (kratos serve -c /home/kratos/.kratos.yml):
 # Ory Kratos Config File
+courier:
+  smtp:
+    connection_uri: smtps://username:password@smtp-server:1234/
 # ...
You also need to enable account recovery and have the link method enabled:
 selfservice:
   methods:
     link:
       # Defaults to true, so left out. If you explicitly want to disable this method,
       # set the value to `false`.
       #
       # enabled: true
       config:
         # If the link should point to a domain (and path) that differs from the configured public base URL,
         # set this value to the base URL you want:
         base_url: https://my-example-domain.com
   flows:
     # login ...
     # registration...
+    recovery:
+      enabled: true
+      ui_url: http://127.0.0.1:4455/recovery
     # ...
That's all that's needed! For more information on implementing the UI and details about the payloads, head over to the Account Recovery Documentation!
Invalidate Other Sessions
To invalidate all other sessions upon successful account recovery, add the revoke_active_sessions hook to the recovery flow:
 selfservice:
   flows:
     recovery:
       enabled: true
       ui_url: http://127.0.0.1:4455/recovery
+      after:
+        hooks:
+          - hook: revoke_active_sessions
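
The settings on this page can be checked together before deployment. The following is an added example, not code from Ory Kratos: the function names (dig, check_recovery_setup) and the sample values are assumptions, and the schema and config are passed in as already-parsed dicts.

```python
# Added example (not part of Ory Kratos): checks the recovery settings
# described on this page. Inputs are already-parsed dicts.

def dig(node, *path):
    """Walk nested dicts; return None as soon as a key is missing."""
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
    return node


def check_recovery_setup(schema, config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    traits = dig(schema, "properties", "traits", "properties") or {}
    via_email = [name for name, spec in traits.items()
                 if dig(spec, "ory.sh/kratos", "recovery", "via") == "email"]
    if not via_email:
        findings.append("schema: no trait has recovery.via = email")
    if not dig(config, "courier", "smtp", "connection_uri"):
        findings.append("config: courier.smtp.connection_uri is not set")
    # The link method defaults to enabled; only an explicit false disables it.
    if dig(config, "selfservice", "methods", "link", "enabled") is False:
        findings.append("config: selfservice.methods.link is disabled")
    recovery = dig(config, "selfservice", "flows", "recovery") or {}
    if recovery.get("enabled") is not True:
        findings.append("config: selfservice.flows.recovery.enabled is not true")
    hooks = dig(recovery, "after", "hooks") or []
    names = [h.get("hook") for h in hooks if isinstance(h, dict)]
    if "revoke_active_sessions" not in names:
        findings.append("config: no revoke_active_sessions hook, so other "
                        "sessions stay valid after recovery")
    return findings


# Constructed sample input mirroring the snippets on this page.
SCHEMA = {"properties": {"traits": {"properties": {"email": {
    "type": "string", "format": "email",
    "ory.sh/kratos": {"recovery": {"via": "email"}}}}}}}
CONFIG = {
    "courier": {"smtp": {"connection_uri": "smtps://username:password@smtp-server:1234/"}},
    "selfservice": {
        "methods": {"link": {"config": {"base_url": "https://my-example-domain.com"}}},
        "flows": {"recovery": {"enabled": True, "ui_url": "http://127.0.0.1:4455/recovery"}},
    },
}

if __name__ == "__main__":
    for finding in check_recovery_setup(SCHEMA, CONFIG) or ["all checks passed"]:
        print(finding)
```

With the sample input, the only finding is the missing revoke_active_sessions hook; adding the hook from the last snippet clears it.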