Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: hackerman <[email protected]>
Showing 1 changed file with 7 additions and 7 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,7 +8,7 @@ requires an `identifier` (username, email, phone number, ...) and a `password` | |
during registration and login. | ||
|
||
ORY Kratos hashes the password after registration, password reset, and password | ||
change using the [Argon2 Hashing Algorithm](../../concepts/security.md#Argon2), the winner of | ||
change using the [Argon2 Hashing Algorithm](../../concepts/security#Argon2), the winner of | ||
the (https:/P-H-C/phc-winner-argon2)[Password Hashing Competition (PHC)]. | ||
|
||
## Configuration | ||
|
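Review bot: The unchanged line right after the edited link still carries a malformed Markdown link: `(https:/P-H-C/phc-winner-argon2)[Password Hashing Competition (PHC)]` has its parentheses and brackets swapped and a URL with a single slash and no host, so it will not render as a link. Since this commit is already repairing links in this paragraph, fix it here by putting the label in brackets first and the full URL in parentheses after it. Also note that the new target keeps the anchor `#Argon2`, while the Argon2 Security link further down this file uses `#argon2`; confirm which case the generated heading anchor actually has.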
@@ -51,13 +51,13 @@ identity: | |
``` | ||
|
||
If you don't know what that means, please read the | ||
["Concepts: Identity" Chapter](../../concepts/identity-user-model.md). | ||
["Concepts: Identity" Chapter](../../concepts/identity-user-model). | ||
|
||
For a complete reference, defaults, and description please check the | ||
[Configuration Reference](../../reference/configuration.md). | ||
[Configuration Reference](../../reference/configuration). | ||
|
||
For a better understanding of security implications imposed by Argon2 | ||
Configuration, head over to [Argon2 Security](../security.mdx#argon2). | ||
Configuration, head over to [Argon2 Security](../security#argon2). | ||
|
||
## Choosing between Username, Email, Phone Number | ||
|
||
|
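Review bot: In the last changed line of this hunk, `../security#argon2` resolves one directory up, whereas the first hunk links the Argon2 section as `../../concepts/security#Argon2`. Dropping the `.mdx` extension is fine, but the two links disagree on both path and anchor case, so at least one of them is likely broken. Check that a `security` page really exists one level up from this file, or point both links at the same target.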
@@ -85,7 +85,7 @@ The email address however represents a unique identifier and personally | |
identifiable information (PII). An attacker could for example check if an email | ||
address (e.g. `[email protected]`) is registered at a site (e.g. an adult | ||
website) and use that information for blackmail (see | ||
[Account Enumeration Attacks](../../concepts/security.md#account-enumeration-attacks)). | ||
[Account Enumeration Attacks](../../concepts/security#account-enumeration-attacks)). | ||
|
||
The same considerations apply to using a phone number as the primary | ||
registration & login identifier. | ||
|
@@ -117,7 +117,7 @@ You need to decide which route you want to take. | |
|
||
### Picking the right JSON Schema | ||
|
||
When processing an identity and its traits, the method will use [JSON Schema](../../reference/json-schema-json-paths.md) | ||
When processing an identity and its traits, the method will use [JSON Schema](../../reference/json-schema-json-paths) | ||
to extract one or more identifiers. | ||
|
||
#### Use Case: Email and Password | ||
|
@@ -287,7 +287,7 @@ Assuming your traits schema is as follows: | |
|
||
And an identity registers with the following JSON payload (more on registration | ||
in | ||
[Selfservice Registration](../self-service/flows/user-login-user-registration.md)): | ||
[Selfservice Registration](../../self-service/flows/user-login-user-registration)): | ||
|
||
```json | ||
{ | ||
|
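Review bot: The Selfservice Registration link changes more than its extension: the prefix goes from `../self-service/` to `../../self-service/`, which is a different target directory. That may well be a fix for a broken link, but it is not the mechanical `.md` removal that the other six changed lines are, so call it out in the commit message and confirm the new path resolves in the built docs.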