📄️ Invalid courier URL
If you get an error that points you to this document, it means that your email configuration (SMTP URL) is incorrect. The most
📄️ CSRF troubleshooting
When you get 401 Unauthorized or 400 Bad Request responses when your application sends requests to Ory Identities APIs, it is
📄️ Actions troubleshooting
This document describes common issues with Ory Actions and how to solve them.
📄️ Wrong domain in magic links
After updating their custom domain, some users reported an error that caused the verification emails to come with magic links
📄️ 72 character limit for BCrypt hashed secrets
BCrypt hashed passwords and secrets have a 72 character limit. This is a limitation of the BCrypt algorithm and the Golang BCrypt
📄️ Social sign-in troubleshooting
Redirect loops after registration
📄️ Troubleshooting iframes
Iframes can pose a significant security risk for authentication services due to many attack vectors such as clickjacking, iframe
📄️ OAuth2 JWT Profile
If you're experiencing issues on Ory Network related to the required audience for the
📄️ OIDC requires `redirect_uri`
Starting no sooner than August 1st, 2024, Ory Network will enforce the inclusion of redirect_uri in OpenID Connect flow
📄️ WebAuthn / PassKeys SecurityError
Relying party ID mismatch
📄️ Account linking response code
Starting no sooner than April 13, 2025, Ory Network will return a 400 Bad Request instead of a 200 OK when a user signs up
📄️ Google One Tap fails
If you receive an error such as
📄️ Identity Provider Integration Settings
Overview
📄️ SDK V1 upgrade guide
We are excited to announce the release of version 1.0 of Ory's Software Development Kits (SDKs) for all major languages. As part
📄️ OAuth2 first aid
Spec-compliant OAuth 2.0 and OpenID Connect is hard. Let's take a look how to resolve certain issues.
📄️ Logout not working
Sometimes, calling /oauth2/sessions/logout doesn't behave as expected, for example:
📄️ Client auth fails
There are multiple ways of authenticating OAuth 2.0 Clients at the /oauth2/token: