fix(auth): delete the Kratos identity on account deletion
Account deletion removed all local data but left the Ory Kratos
identity intact — an orphaned identity that can still authenticate.
Close the gap:
- kratos.Client gains the admin API: NewClient(publicURL, adminURL)
and DeleteIdentity (DELETE /admin/identities/{id}; a 404 is treated
as success so a retry after a partial failure is idempotent).
- AuthService.DeleteAccount deletes the Kratos identity FIRST; if that
call fails it aborts before touching local data, so the operation is
retryable rather than partially applied.
- KRATOS_ADMIN_URL config (default http://kratos:4434) + router wiring.
- kratos NetworkPolicy split: the api pods may now reach the admin API
:4434 (Traefik still reaches only the public API :4433).
- kratos CORS: allow_credentials + OPTIONS so the web browser flows
(ory_kratos_session cookie) work; origins stay an explicit allowlist.
- Regression tests: identity teardown happens, and a Kratos failure
aborts the deletion instead of orphaning local data.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Trey t
@@ -31,9 +31,13 @@ data:
|
||||
- https://myhoneydue.com
|
||||
- https://app.myhoneydue.com
|
||||
- https://admin.myhoneydue.com
|
||||
allowed_methods: [GET, POST, PUT, PATCH, DELETE]
|
||||
allowed_methods: [GET, POST, PUT, PATCH, DELETE, OPTIONS]
|
||||
allowed_headers: [Authorization, Content-Type, X-Session-Token, Cookie]
|
||||
exposed_headers: [Content-Type, Set-Cookie]
|
||||
# Required: the web clients call Kratos browser flows with
|
||||
# credentials (the ory_kratos_session cookie). Safe here because
|
||||
# allowed_origins is an explicit list, never a wildcard.
|
||||
allow_credentials: true
|
||||
admin:
|
||||
base_url: http://kratos.honeydue.svc.cluster.local:4434/
|
||||
|
||||
|
||||
Reference in New Issue
Block a user