Implement Account Recovery #37
aeneasr added a commit that referenced this issue on May 19, 2020:
This patch implements the account recovery request skeleton with endpoints such as "Init Account Recovery", a new config value `urls.recovery_ui` and so on. Additionally, some refactoring was made to DRY code and make naming consistent.
See #37
BREAKING CHANGEs: The field `identity.addresses` has moved to `identity.verifiable_addresses`. A new field has been added `identity.recovery_addresses`. Configuration key `selfservice.verify` was renamed to `selfservice.verification`. Configuration key `selfservice.verification.link_lifespan` has been merged with `selfservice.verification.request_lifespan`.
aeneasr added a commit that referenced this issue on Jun 3, 2020:
This patch implements the account recovery request skeleton with endpoints such as "Init Account Recovery", a new config value `urls.recovery_ui` and so on. Additionally, some refactoring was made to DRY code and make naming consistent.
See #37
BREAKING CHANGEs: The field `identity.addresses` has moved to `identity.verifiable_addresses`. A new field has been added `identity.recovery_addresses`. Configuration key `selfservice.verify` was renamed to `selfservice.verification`. Configuration key `selfservice.verification.link_lifespan` has been merged with `selfservice.verification.request_lifespan`.
aeneasr added a commit that referenced this issue on Jun 3, 2020:
This patch implements the account recovery with endpoints such as "Init Account Recovery", a new config value `urls.recovery_ui` and so on. Additionally, some refactoring was made to DRY code and make naming consistent. As part of dependency upgrades, structured logging has also improved and an audit trail prototype has been added (currently streams to stderr only).
Closes #37
BREAKING CHANGES:
* Applying this patch requires running SQL Migrations.
* The field `identity.addresses` has moved to `identity.verifiable_addresses`. A new field has been added `identity.recovery_addresses`. Configuration key `selfservice.verify` was renamed to `selfservice.verification`. Configuration key `selfservice.verification.link_lifespan` has been merged with `selfservice.verification.request_lifespan`.
aeneasr added a commit that referenced this issue on Jun 5, 2020:
This patch implements the account recovery with endpoints such as "Init Account Recovery", a new config value `urls.recovery_ui` and so on. Additionally, some refactoring was made to DRY code and make naming consistent. As part of dependency upgrades, structured logging has also improved and an audit trail prototype has been added (currently streams to stderr only).
Closes #37
BREAKING CHANGES:
* Applying this patch requires running SQL Migrations.
* The field `identity.addresses` has moved to `identity.verifiable_addresses`. A new field has been added `identity.recovery_addresses`. Configuration key `selfservice.verify` was renamed to `selfservice.verification`. Configuration key `selfservice.verification.link_lifespan` has been merged with `selfservice.verification.request_lifespan`.
aeneasr added a commit to ory/kratos-selfservice-ui-node that referenced this issue on Jun 6, 2020.
Included
Excluded
* I want to set up one or more security questions for account recovery: Security questions have often been abused in social engineering attacks (e.g. Celebrity Leaks) because their answers ("What's your mother's maiden name?") are often easy to discover using OSINT attacks. Needs docs.
* I want to recover my account using SMS or phone calls: SMS for credential exchange isn't particularly secure (source, source). The problem with account recovery is that a single TOTP can switch ownership of an entire account. While with 2FA, both credentials (password) and TOTP are required, account recovery really has only one credential which can be eavesdropped using SIM swapping and similar. Maybe something like IMSI can help though but that needs further investigation. Needs docs.