Commit 85f352c

chore: add email validation rules (#2497)
1 parent 87a2d43 commit 85f352c

1 file changed

Lines changed: 33 additions & 0 deletions

docs/kratos/manage-identities/15_customize-identity-schema.mdx

@@ -509,6 +509,39 @@ Note that the `format` field of the identity schema will perform validation of t
509509
is validated using the [JSON Schema](https://json-schema.org/understanding-json-schema/reference/string.html#email-addresses) rule
510510
set.
511511

512+
##### Email validation rules
513+
514+
When you use `"format": "email"`, Ory validates the email address against
515+
[RFC 5322, section 3.4.1](https://datatracker.ietf.org/doc/html/rfc5322#section-3.4.1) and the domain part against
516+
[RFC 1034, section 3.1](https://datatracker.ietf.org/doc/html/rfc1034#section-3.1) and
517+
[RFC 1123, section 2.1](https://datatracker.ietf.org/doc/html/rfc1123#section-2.1).
518+
519+
The following rules are enforced:
520+
521+
- The total address length must not exceed 254 characters.
522+
- The address must contain an `@` separator.
523+
- The local part (before `@`) must not exceed 64 characters.
524+
- The domain part (after `@`) must be a valid hostname:
525+
- Only ASCII letters (`a-z`, `A-Z`), digits (`0-9`), and hyphens (`-`) are allowed.
526+
- Each label must be 1–63 characters long.
527+
- Labels must not start or end with a hyphen.
528+
- The total hostname length must not exceed 253 characters.
529+
530+
For example, `test_user_name@example.com` is valid because underscores are allowed in the local part. However,
531+
`user@domain_name.com` is rejected because underscores are not allowed in the domain part.
532+
533+
To customize email validation beyond these rules, you can replace `"format": "email"` with a `"pattern"` regex in your identity
534+
schema. Alternatively, you can use a [before-registration webhook](../../guides/integrate-with-ory-cloud-through-webhooks.mdx) to
535+
apply custom validation logic.
536+
537+
:::caution
538+
539+
Replacing `"format": "email"` with a custom `"pattern"` bypasses RFC-compliant validation. This can allow malformed or
540+
undeliverable addresses into your system, which may cause issues with account recovery, email verification, and other flows that
541+
depend on valid email addresses. Only relax validation when you have a clear need and understand the trade-offs.
542+
543+
:::
544+
512545
#### Phone number
513546

514547
Let's extend the identity schema from the previous chapter with a phone number:
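Review bot: The hostname sub-bullets state that only ASCII letters, digits and hyphens are allowed in the domain part, but the worked example `test_user_name@example.com` two paragraphs later contains a dot in the domain, so a reader cannot tell from the list that dots are permitted as label separators. Suggest scoping the character rule to a label, e.g. "Only ASCII letters (`a-z`, `A-Z`), digits (`0-9`), and hyphens (`-`) are allowed within a label; labels are separated by dots (`.`)." Separately, the customization paragraph and the caution only describe replacing `"format": "email"` with a `"pattern"`; since JSON Schema applies both keywords when both are present, it would help to say that keeping `"format": "email"` and adding a `"pattern"` tightens validation without losing the RFC checks, and that replacing `format` is only needed when the goal is to relax them.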
