From 52ad2a5655c4c43da05033a98fb29d65ccbda3ed Mon Sep 17 00:00:00 2001 From: pi1814 Date: Thu, 2 Apr 2026 17:56:22 +0530 Subject: [PATCH 1/2] chore: add email validation rules --- .../15_customize-identity-schema.mdx | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/docs/kratos/manage-identities/15_customize-identity-schema.mdx b/docs/kratos/manage-identities/15_customize-identity-schema.mdx index 5b05db6585..c1f1148fec 100644 --- a/docs/kratos/manage-identities/15_customize-identity-schema.mdx +++ b/docs/kratos/manage-identities/15_customize-identity-schema.mdx 
@@ -509,6 +509,39 @@ Note that the `format` field of the identity schema will perform validation of t is validated using the [JSON Schema](https://json-schema.org/understanding-json-schema/reference/string.html#email-addresses) rule set. +##### Email validation rules + +When you use `"format": "email"`, Ory validates the email address against +[RFC 5322, section 3.4.1](https://datatracker.ietf.org/doc/html/rfc5322#section-3.4.1) and the domain part against +[RFC 1034, section 3.1](https://datatracker.ietf.org/doc/html/rfc1034#section-3.1) and +[RFC 1123, section 2.1](https://datatracker.ietf.org/doc/html/rfc1123#section-2.1). + +The following rules are enforced: + +- The total address length must not exceed 254 characters. +- The address must contain an `@` separator. +- The local part (before `@`) must not exceed 64 characters. +- The domain part (after `@`) must be a valid hostname: + - Only ASCII letters (`a-z`, `A-Z`), digits (`0-9`), and hyphens (`-`) are allowed. + - Each label must be 1–63 characters long. + - Labels must not start or end with a hyphen. + - The total hostname length must not exceed 253 characters. + +For example, `user_name@example.com` is valid because underscores are allowed in the local part. However, `user@domain_name.com` +is rejected because underscores are not allowed in the domain part. + +To customize email validation beyond these rules, you can replace `"format": "email"` with a `"pattern"` regex in your identity +schema. Alternatively, you can use a [before-registration webhook](../../guides/integrate-with-ory-cloud-through-webhooks.mdx) to +apply custom validation logic. + +:::caution + +Replacing `"format": "email"` with a custom `"pattern"` bypasses RFC-compliant validation. This can allow malformed or +undeliverable addresses into your system, which may cause issues with account recovery, email verification, and other flows that +depend on valid email addresses. 
Only relax validation when you have a clear need and understand the trade-offs. + +::: + #### Phone number Let's extend the identity schema from the previous chapter with a phone number: From a52df9740ae01771078dfb4a1fdfc2f40e273469 Mon Sep 17 00:00:00 2001 From: pi1814 Date: Fri, 3 Apr 2026 18:09:37 +0530 Subject: [PATCH 2/2] chore: dummy commit --- .../kratos/manage-identities/15_customize-identity-schema.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/kratos/manage-identities/15_customize-identity-schema.mdx b/docs/kratos/manage-identities/15_customize-identity-schema.mdx index c1f1148fec..c7764a9bb9 100644 --- a/docs/kratos/manage-identities/15_customize-identity-schema.mdx +++ b/docs/kratos/manage-identities/15_customize-identity-schema.mdx @@ -527,8 +527,8 @@ The following rules are enforced: - Labels must not start or end with a hyphen. - The total hostname length must not exceed 253 characters. -For example, `user_name@example.com` is valid because underscores are allowed in the local part. However, `user@domain_name.com` -is rejected because underscores are not allowed in the domain part. +For example, `test_user_name@example.com` is valid because underscores are allowed in the local part. However, +`user@domain_name.com` is rejected because underscores are not allowed in the domain part. To customize email validation beyond these rules, you can replace `"format": "email"` with a `"pattern"` regex in your identity schema. Alternatively, you can use a [before-registration webhook](../../guides/integrate-with-ory-cloud-through-webhooks.mdx) to
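Review bot: In patch 1/2, the paragraph starting "To customize email validation beyond these rules" and the caution after it recommend a `"pattern"` regex without saying that JSON Schema patterns are not implicitly anchored. A pattern written without `^` and `$` accepts any string that merely contains a matching substring, which is weaker than the caution's "malformed or undeliverable addresses" wording suggests. Suggest stating in the caution that a replacement pattern must be anchored at both ends. When the goal is to tighten rather than relax the rules, the text could also say that `"pattern"` can be added alongside `"format": "email"` instead of replacing it, since both keywords are then enforced. Separately, the rule list gives no character rules for the local part, yet the example relies on underscores being allowed there; one bullet saying what the local part may contain would make the example follow from the list.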
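Review bot: Patch 2/2 has the subject "chore: dummy commit", which does not describe its only change: the example address in the "For example" paragraph goes from `user_name@example.com` to `test_user_name@example.com` and the two lines are re-wrapped. Suggest squashing this into 1/2, or giving it a subject that names the edit, so the history of this docs page stays readable. The longer local part does not illustrate anything the original example did not, so it is also worth stating why the address was changed.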