The most scalable and customizable identity server on the market. Replace your Homegrown, Auth0, Okta, Firebase with better UX and DX. Has all the tablestakes: Passkeys, Social Sign In, Multi-Factor Auth, SMS, SAML, TOTP, and more. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
If for example I send this link on a chat or there is a mail system (maybe an ANTI-SPAM extension) that "navigates" this link the token is signed in the DB as "used" but it's not!
And when a user clicks that link it gets:
The recovery token is invalid or has already been used.
Is there a way to disable the "flag as used" option in Kratos?
I'm having an issue with Kratos self hosted.
When I start a new recovery flow with email, I get the email and the link like:
If for example I send this link on a chat or there is a mail system (maybe an ANTI-SPAM extension) that "navigates" this link the token is signed in the DB as "used" but it's not!
And when a user clicks that link it gets:
Is there a way to disable the "flag as used" option in Kratos?
This is tragic!
Version
1.2.0