Skip to main content

Setting up Account Recovery and Password Reset

To set up account recovery, your Identity Schema must have an email in its traits and add

{
  "ory.sh/kratos": {
    "recovery": {
      "via": "email"
    }
  }
}

to it, for example:

{
  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "title": "E-Mail",
          "minLength": 3,
+         "ory.sh/kratos": {
+           "recovery": {
+             "via": "email"
+           }
+         }
        }
      }
    }
  }
}

Account recovery currently supports sending out a recovery link to an email address. For this to work, you must have the courier SMTP connection configured in your Ory Kratos Config File (kratos serve -c /home/kratos/.kratos.yml):

 # Ory Kratos Config File
+courier:
+  smtp:
+    connection_uri: smtps://username:password@smtp-server:1234/
 # ...

You also need to enable account recovery and have the link method enabled:

 selfservice:
   methods:
     link:
       # Defaults to true, so left out. If you explicitly want to disable this method,
       # set the value to `false`.
       #
       # enabled: true

       config:
         # If the link should point to a domain (and path) that differs from the configured public base URL,
         # set this value to the base URL you want:
         base_url: https://my-example-domain.com

   flows:
     # login ...
     # registration...

+    recovery:
+      enabled: true
+      ui_url: http://127.0.0.1:4455/recovery

 # ...

That all that's needed! For more information on implementing the UI and details about the payloads, head over to the Account Recovery Documentation!