version: 1 entries: - identifiers: slug: default-recovery-flow id: flow model: authentik_flows.flow attrs: name: Default recovery flow title: Reset your password designation: recovery cache_count: 0 policy_engine_mode: any compatibility_mode: false layout: stacked - identifiers: field_key: password label: Password id: prompt-field-password model: authentik_stages_prompt.prompt attrs: type: password required: true placeholder: Password order: 0 sub_text: "" placeholder_expression: false - identifiers: field_key: password_repeat label: Password (repeat) id: prompt-field-password-repeat model: authentik_stages_prompt.prompt attrs: type: password required: true placeholder: Password (repeat) order: 1 sub_text: "" placeholder_expression: false - identifiers: name: default-recovery-skip-if-restored id: default-recovery-skip-if-restored model: authentik_policies_expression.expressionpolicy attrs: execution_logging: false expression: | return request.context.get('is_restored', False) - identifiers: name: default-recovery-email id: default-recovery-email model: authentik_stages_email.emailstage attrs: use_global_settings: true host: localhost port: 25 username: "" use_tls: false use_ssl: false timeout: 10 from_address: system@authentik.local token_expiry: 30 subject: authentik template: email/password_reset.html activate_user_on_success: true - identifiers: name: default-recovery-user-write id: default-recovery-user-write model: authentik_stages_user_write.userwritestage attrs: create_users_as_inactive: false create_users_group: null user_path_template: "" - identifiers: name: default-recovery-identification id: default-recovery-identification model: authentik_stages_identification.identificationstage attrs: user_fields: - email - username password_stage: null case_insensitive_matching: true show_matched_user: true enrollment_flow: null recovery_flow: null passwordless_flow: null sources: [] show_source_labels: false - identifiers: name: default-recovery-user-login id: default-recovery-user-login model: authentik_stages_user_login.userloginstage attrs: session_duration: seconds=0 - identifiers: name: Change your password name: stages-prompt-password model: authentik_stages_prompt.promptstage attrs: fields: - !KeyOf prompt-field-password - !KeyOf prompt-field-password-repeat validation_policies: [] - identifiers: target: !KeyOf flow stage: !KeyOf default-recovery-identification order: 10 model: authentik_flows.flowstagebinding id: flow-binding-identification attrs: evaluate_on_plan: true re_evaluate_policies: true policy_engine_mode: any invalid_response_action: retry - identifiers: target: !KeyOf flow stage: !KeyOf default-recovery-email order: 20 model: authentik_flows.flowstagebinding id: flow-binding-email attrs: evaluate_on_plan: true re_evaluate_policies: true policy_engine_mode: any invalid_response_action: retry - identifiers: pk: 1219d06e-2c06-4c5b-a162-78e3959c6cf0 target: !KeyOf flow stage: !KeyOf stages-prompt-password order: 30 model: authentik_flows.flowstagebinding attrs: evaluate_on_plan: true re_evaluate_policies: false policy_engine_mode: any invalid_response_action: retry - identifiers: target: !KeyOf flow stage: !KeyOf default-recovery-user-write order: 40 model: authentik_flows.flowstagebinding attrs: evaluate_on_plan: true re_evaluate_policies: false policy_engine_mode: any invalid_response_action: retry - identifiers: target: !KeyOf flow stage: !KeyOf default-recovery-user-login order: 100 model: authentik_flows.flowstagebinding attrs: evaluate_on_plan: true re_evaluate_policies: false policy_engine_mode: any invalid_response_action: retry - identifiers: policy: !KeyOf default-recovery-skip-if-restored target: !KeyOf flow-binding-identification order: 0 model: authentik_policies.policybinding attrs: negate: false enabled: true timeout: 30 - identifiers: policy: !KeyOf default-recovery-skip-if-restored target: !KeyOf flow-binding-email order: 0 model: authentik_policies.policybinding attrs: negate: false enabled: true timeout: 30