docs: document the configuration field kratos_selfservice_methods_code_config_max_submissions (#2208)

gaultier · web-flow · commit 8b0ba2587b6f · 2025-06-10T17:14:56.000+02:00
diff --git a/docs/identities/sign-in/code_submission_limit.mdx b/docs/identities/sign-in/code_submission_limit.mdx
@@ -0,0 +1,65 @@
+---
+id: code-submission-limit
+title: Code submissions limit
+---
+
+A code is sent to a user controlled address (for example an email address) in some flows such as verification, recovery,
+registration, etc. When the correct code is then submitted by the user, the flow advances. If the wrong code is submitted too many
+times, the flow fails.
+
+It is important to find a balance between allowing a user to submit a wrong code multiple times, due for example to typos, and not
+too many times, to prevent an attacker from brute-forcing the code.
+
+To that end, the numeric limit can be configured. The default is `5`. To prevent misconfiguration, this number is required to be
+between `1` and `255`. We recommend a rather small number for security reasons, probably under 10. Organizations with strict
+security policies might set this number to `2` or `3`.
+
+```mdx-code-block
+import CodeBlock from '@theme/CodeBlock'
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem'
+```
+
+````mdx-code-block
+<Tabs>
+<TabItem value="console" label="Ory Console" default>
+
+To change the limit, go to [**Ory Console**](https://console.ory.sh/) → **Authentication** -> **General** -> **Maximum number of code submissions**, enter the desired number, and click the **Save** button.
+
+</TabItem>
+<TabItem value="cloud" label="Ory CLI">
+
+1. Download the Ory Identities config from your project and save it to a file:
+
+   ```shell
+   ## List all available workspaces
+   ory list workspaces
+
+   ## List all available projects
+   ory list projects --workspace <workspace-id>
+
+   ## Get config
+   ory get identity-config --project <project-id> --workspace <workspace-id> --format yaml > identity-config.yaml
+   ```
+
+2. Update the configuration value to the desired value:
+
+   ```yaml title="config.yml"
+   config:
+       selfservice:
+           methods:
+               code:
+                   // highlight-start
+                   max_submissions: 3
+                  // highlight-end
+   ```
+
+3. Update the Ory Identities configuration using the file you worked with:
+
+   ```shell
+   ory update identity-config --project <project-id> --workspace <workspace-id> --file identity-config.yaml
+   ```
+
+</TabItem>
+</Tabs>
+````
diff --git a/src/sidebar.ts b/src/sidebar.ts
@@ -492,6 +492,7 @@ const kratos: SidebarItemsConfig = [
       "identities/sign-in/identifier-first-authentication",
       "identities/sign-in/login-hint",
       "identities/sign-in/actions",
+      "identities/sign-in/code-submission-limit",
     ],
   },
   {

Original file line number	Diff line number	Diff line change
`@@ -492,6 +492,7 @@ const kratos: SidebarItemsConfig = [`
`492`	`492`	`"identities/sign-in/identifier-first-authentication",`
`493`	`493`	`"identities/sign-in/login-hint",`
`494`	`494`	`"identities/sign-in/actions",`
	`495`	`+ "identities/sign-in/code-submission-limit",`
`495`	`496`	`],`
`496`	`497`	`},`
`497`	`498`	`{`