
"Code" method replacing existing methods #3942

Open
4 of 5 tasks
brenobaptista opened this issue Jun 2, 2024 · 2 comments
Labels
bug Something is not working.

Comments

brenobaptista commented Jun 2, 2024

Preflight checklist

Ory Network Project

No response

Describe the bug

If you create an account with passwordless, the config is completely messed up (first screenshot),
but if you first create an account with password and then the passwordless config, it works fine (just brackets {}).

[screenshot 1]
[screenshot 2]

Reproducing the bug

We updated Kratos to v1.1.0, then ran kratos migrate sql -e --yes url...

For some reason, sign in with code (passwordless, magic codes) is working fine for new users, but for existing users, instead of creating the config correctly (just {}), it creates something like {"address_type":"","used_at":{"Time":"0001-01-01T00:00:00Z","Valid":false}}, and, most importantly, it replaces the current method (password/SSO) with just passwordless.

[screenshot]

Here the SSO is getting replaced by code (check the created_at, 8 min later).

[screenshot]
[screenshot]

Relevant log output

No response

Relevant configuration

No response

Version

1.1.0

On which operating system are you observing this issue?

None

In which environment are you deploying?

Kubernetes

Additional Context

I first contacted on Slack about this 3 months ago, no response.

@brenobaptista brenobaptista added the bug Something is not working. label Jun 2, 2024
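An added audit script (not part of this issue or of Kratos) that flags the two symptoms reported above in an exported list of identities: a `code` credential whose config is the zero-valued struct instead of `{}`, and a pre-migration identity that now holds only `code`, added after the identity itself was created. The identity records, the migration timestamp and the credential field names are constructed assumptions shaped after the admin API's identity JSON.

```python
import json
from datetime import datetime, timezone

# Constructed sample records shaped like Kratos admin-API identities
# (credentials included); every value below is made up for this example.
SAMPLE_IDENTITIES = json.loads("""[
 {"id": "id-1", "created_at": "2024-05-01T10:00:00Z", "credentials": {
   "password": {"created_at": "2024-05-01T10:00:00Z", "config": {}},
   "code": {"created_at": "2024-05-10T09:00:00Z", "config": {}}}},
 {"id": "id-2", "created_at": "2024-03-01T08:00:00Z", "credentials": {
   "code": {"created_at": "2024-03-01T08:08:00Z", "config": {"address_type": "",
            "used_at": {"Time": "0001-01-01T00:00:00Z", "Valid": false}}}}},
 {"id": "id-3", "created_at": "2024-06-01T12:00:00Z", "credentials": {
   "code": {"created_at": "2024-06-01T12:00:00Z", "config": {}}}}
]""")

# Assumption: the operator knows when the v1.1.0 migration ran.
MIGRATION_AT = datetime(2024, 4, 15, tzinfo=timezone.utc)
# First-factor methods the issue reports as being replaced (password/SSO).
FIRST_FACTOR = {"password", "oidc"}

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def malformed_code_config(cred):
    """The issue shows a zero-valued Go struct stored instead of {}."""
    used_at = (cred.get("config") or {}).get("used_at")
    return isinstance(used_at, dict) and used_at.get("Valid") is False

def audit_identity(identity, migration_at=MIGRATION_AT):
    """Return a list of findings for one identity (empty when it looks healthy)."""
    creds = identity.get("credentials") or {}
    code = creds.get("code")
    findings = []
    if code and malformed_code_config(code):
        findings.append("code credential config is a zero-valued struct, not {}")
    created = parse_ts(identity["created_at"])
    # Pre-migration identity holding only 'code', added later than itself: method replaced.
    if code and created < migration_at and not (creds.keys() & FIRST_FACTOR):
        delay = parse_ts(code["created_at"]) - created
        if delay.total_seconds() > 0:
            findings.append(f"only 'code' remains; it was added {delay} after creation")
    return findings

def audit(identities, migration_at=MIGRATION_AT):
    """Map identity id -> findings, keeping only identities with findings."""
    found = ((i["id"], audit_identity(i, migration_at)) for i in identities)
    return {iid: f for iid, f in found if f}
```

Identities created after the migration that only carry `code` (id-3) are legitimate passwordless sign-ups and produce no finding.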
aeneasr (Member) commented Jun 3, 2024

Looks like a configuration error - probably an incorrect or malformed identity schema

brenobaptista (Author) commented Aug 22, 2024

Sorry for the delay, I wasn't notified via email.

We followed the instructions from the website: https://www.ory.sh/docs/kratos/passwordless/one-time-code

This is our identity schema:

apiVersion: v1
kind: ConfigMap
metadata:
  name: identity-schema-config
  namespace: redacted
data:
  identity.schema.json: |
    {
      "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
      "$schema": "http://json-schema.org/draft-07/schema#",
      "title": "Person",
      "type": "object",
      "properties": {
        "traits": {
          "type": "object",
          "properties": {
            "email": {
              "type": "string",
              "format": "email",
              "title": "E-Mail",
              "minLength": 3,
              "ory.sh/kratos": {
                "credentials": {
                  "password": {
                    "identifier": true
                  },
                  "totp": {
                    "account_name": true
                  },
                  "code": {
                    "identifier": true,
                    "via": "email"
                  }
                },
                "verification": {
                  "via": "email"
                },
                "recovery": {
                  "via": "email"
                }
              }
            }
          },
          "required": [
            "email"
          ],
          "additionalProperties": false
        }
      }
    }

In case it helps, this is our config (staging version):

apiVersion: v1
kind: ConfigMap
metadata:
  name: kratos-config
  namespace: redacted
data:
  kratos.yml: |
    version: v1.1.0
    dev: false
    session:
      cookie:
        domain: redacted
    serve:
      public:
        base_url: redacted
        cors:
          enabled: true
          allowed_origins:
            - redacted
          allowed_methods:
            - POST
            - GET
            - PUT
            - PATCH
            - DELETE
          allowed_headers:
            - Authorization
            - Cookie
            - Content-Type
          exposed_headers:
            - Content-Type
            - Set-Cookie
      admin:
        base_url: redacted
    selfservice:
      default_browser_return_url: redacted
      allowed_return_urls:
        - redacted
      methods:
        password:
          enabled: true
        code:
          passwordless_enabled: true
        oidc:
          config:
            providers:
              - id: google
                provider: google
                client_id: redacted
                client_secret: redacted
                mapper_url: "file:///etc/config/oauth/google-jsonnet.txt"
                scope:
                  - email
                  - profile
                requested_claims:
                  id_token:
                    email:
                      essential: true
                    email_verified:
                      essential: true
              - id: microsoft
                provider: microsoft
                client_id: redacted
                client_secret: redacted
                microsoft_tenant: common
                mapper_url: "file:///etc/config/oauth/microsoft-jsonnet.txt"
                scope:
                  - profile
                  - email
                requested_claims:
                  id_token:
                    email:
                      essential: true
                    email_verified:
                      essential: true
          enabled: true
        totp:
          config:
            issuer: redacted
          enabled: true
        lookup_secret:
          enabled: true
      flows:
        error:
          ui_url: redacted/error
        settings:
          ui_url: redacted/settings
          privileged_session_max_age: 87600h
        recovery:
          enabled: true
          ui_url: redacted/recovery
        verification:
          enabled: true
          ui_url: redacted/verification
        logout:
          after:
            default_browser_return_url: redacted/login
        login:
          ui_url: redacted/login
          lifespan: 10m
          after:
            oidc:
              default_browser_return_url: redacted/api/verification
        registration:
          login_hints: true
          lifespan: 10m
          ui_url: redacted/registration
          after:
            password:
              hooks:
                - hook: web_hook # To use webhooks, you must set 'hook' to 'web_hook'
                  config:
                    url: http://svc-user:3000/webhooks/validate-email
                    method: POST # HTTP method used to send request to the webhook URL.
                    body: base64://ZnVuY3Rpb24oY3R4KSB7IGVtYWlsOiBjdHguaWRlbnRpdHkudHJhaXRzLmVtYWlsIH0= # Encoded Jsonnet template used to render payload.
                    can_interrupt: true
                    response:
                      ignore: false # Defines if the webhook response should be ignored and run async. Boolean. OPTIONAL
                - hook: session
            oidc:
              hooks:
                - hook: session
                - hook: show_verification_ui
            code:
              hooks:
                - hook: session
    log:
      level: debug
      format: text
      leak_sensitive_values: false
    secrets:
      cookie:
        - redacted
      cipher:
        - redacted
    ciphers:
      algorithm: xchacha20-poly1305
    hashers:
      algorithm: bcrypt
      bcrypt:
        cost: 8
    identity:
      default_schema_id: default
      schemas:
        - id: default
          url: file:///etc/config/kratos/identity.schema.json
    courier:
      smtp:
        from_address: noreply@notifications.redacted
