Update to latest kratos; add support for a custom status trait to represent whether a user is locked or not; refactor so-user to use new enable/disable capabilities in SOC; remove 'delete' option from so-user usage to avoid having user lists out of sync across SOC and external apps

2026-04-24 21:47:48 +02:00 · 2020-09-04 17:01:45 -04:00
parent 351e7761ef
commit f27e5164d0
8 changed files with 129 additions and 85 deletions
@@ -6,52 +6,39 @@ selfservice:
    password:
      enabled: true

-  settings:
-    privileged_session_max_age: 1m
-    after:
-      profile:
-        hooks:
-          - hook: verify
-          
-  verify:
-    return_to: https://{{ WEBACCESS }}/
+  flows:
+    settings:
+      ui_url: https://{{ WEBACCESS }}/?r=/settings

-  logout:
-    redirect_to: https://{{ WEBACCESS }}/login/
+    verification:
+      ui_url: https://{{ WEBACCESS }}/

-  login:
-    request_lifespan: 10m
+    login:
+      ui_url: https://{{ WEBACCESS }}/login/

-  registration:
-    request_lifespan: 10m
-    after:
-      password:
-        hooks:
-          - hook: session
-          - hook: verify
+    error:
+      ui_url: https://{{ WEBACCESS }}/login/
+
+    registration:
+      ui_url: https://{{ WEBACCESS }}/login/
+    
+  default_browser_return_url: https://{{ WEBACCESS }}/
+  whitelisted_return_urls:
+    - http://127.0.0.1

 log:
  level: debug
  format: json

 secrets:
-  session:
+  default:
    - {{ KRATOSKEY }}

-urls:
-  login_ui: https://{{ WEBACCESS }}/login/
-  registration_ui: https://{{ WEBACCESS }}/login/
-  error_ui: https://{{ WEBACCESS }}/login/
-  settings_ui: https://{{ WEBACCESS }}/?r=/settings
-  verify_ui: https://{{ WEBACCESS }}/
-  mfa_ui: https://{{ WEBACCESS }}/
-
-  self:
-    public: https://{{ WEBACCESS }}/auth/
-    admin: https://{{ WEBACCESS }}/kratos/
-  default_return_to: https://{{ WEBACCESS }}/
-  whitelisted_return_to_urls:
-    - http://127.0.0.1
+serve:
+  public: 
+    base_url: https://{{ WEBACCESS }}/auth/
+  admin: 
+    base_url: https://{{ WEBACCESS }}/kratos/

 hashers:
  argon2:
@@ -62,8 +49,7 @@ hashers:
    key_length: 32

 identity:
-  traits:
-    default_schema_url: file:///kratos-conf/schema.json
+  default_schema_url: file:///kratos-conf/schema.json

 courier:
  smtp:
@@ -4,37 +4,46 @@
    "title": "Person",
    "type": "object",
    "properties": {
-      "email": {
-        "type": "string",
-        "format": "email",
-        "title": "E-Mail",
-        "minLength": 6,
-        "ory.sh/kratos": {
-          "credentials": {
-            "password": {
-              "identifier": true
+      "traits": {
+        "type": "object",
+        "properties": {
+        "email": {
+          "type": "string",
+          "format": "email",
+          "title": "E-Mail",
+          "minLength": 6,
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              }
+            },
+            "verification": {
+              "via": "email"
            }
-          },
-          "verification": {
-            "via": "email"
          }
-        }
+        },
+        "firstName": {
+          "type": "string",
+          "title": "First Name"
+        },
+        "lastName": {
+          "type": "string",
+          "title": "Last Name"
+        },
+        "role": {
+          "type": "string",
+          "title": "Role"
+        },
+        "status": {
+          "type": "string",
+          "title": "Status"
+        }      
      },
-      "firstName": {
-        "type": "string",
-        "title": "First Name"
-      },
-      "lastName": {
-        "type": "string",
-        "title": "Last Name"
-      },
-      "role": {
-        "type": "string",
-        "title": "Role"
-      }
-    },
-    "required": [
-      "email"
-    ],
-    "additionalProperties": false
-  }
+      "required": [
+        "email"
+      ],
+      "additionalProperties": false
+    }
+  }
+}