https://github.com/meysam81/kratos-allowlist

Restrict Ory Kratos registration to specific domains with Kratos Webhook: https://www.ory.sh/docs/kratos/hooks/configure-hooks
https://github.com/meysam81/kratos-allowlist

authentication kratos ory webhook

Last synced: 3 months ago
JSON representation

Restrict Ory Kratos registration to specific domains with Kratos Webhook: https://www.ory.sh/docs/kratos/hooks/configure-hooks

• Host: GitHub
• URL: https://github.com/meysam81/kratos-allowlist
• Owner: meysam81
• License: apache-2.0
• Created: 2025-08-06T04:30:08.000Z (4 months ago)
• Default Branch: main
• Last Pushed: 2025-08-06T05:54:00.000Z (3 months ago)
• Last Synced: 2025-08-06T06:25:12.561Z (3 months ago)
• Topics: authentication, kratos, ory, webhook
• Language: Go
• Homepage:
• Size: 24.4 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

          
# kratos-allowlist

Domain validation webhook for Ory Kratos registration flows.

- [Usage](#usage)

  - [Kratos Configuration](#kratos-configuration)

  - [email.jsonnet](#emailjsonnet)

  - [Run](#run)

- [Environment Variables](#environment-variables)

- [Endpoints](#endpoints)

- [Request](#request)

- [Response](#response)

## Usage

### Kratos Configuration

```yaml

selfservice:

  flows:

    registration:

      after:

        password:

          hooks:

            - config:

                body: https://gist.github.com/meysam81/9b6b63d0530987a9236d43d21cbec713/raw/513535c2c30eade74537d85d757edd4c1fc18b73/email.jsonnet

                method: POST

                response:

                  parse: true

                url: http://localhost:8080/v1/validate

              hook: web_hook

```

### email.jsonnet

```jsonnet

function(ctx) {

  email: ctx.identity.traits.email,

}

```

### Run

```bash

export ALLOWED__DOMAINS="example.com company.org"

docker run --rm --name allowlist -e ALLOWED__DOMAINS -dp 8080:8080 ghcr.io/meysam81/kratos-allowlist

```

## Environment Variables

- `ALLOWED__DOMAINS`: Space-separated list of allowed email domains

- `PORT`: Server port (default: 8080)

## Endpoints

- `POST /v1/validate` - Webhook validation endpoint

## Request

```json

{

  "email": "john.doe@example.com"

}

```

## Response

Returns `200 OK` for allowed domains, `400 Bad Request` with validation error for blocked domains.