ory
diff --git a/‎identity/extension_recovery_test.go‎
Lines changed: 43 additions & 0 deletions b/‎identity/extension_recovery_test.go‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎identity/identity_recovery.go‎
Lines changed: 7 additions & 1 deletion b/‎identity/identity_recovery.go‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎identity/identity_recovery_test.go‎
Lines changed: 19 additions & 4 deletions b/‎identity/identity_recovery_test.go‎
Lines changed: 19 additions & 4 deletions
diff --git a/‎persistence/sql/batch/.snapshots/Test_buildInsertQueryArgs-case=RecoveryAddress#01.json‎
Lines changed: 3 additions & 2 deletions b/‎persistence/sql/batch/.snapshots/Test_buildInsertQueryArgs-case=RecoveryAddress#01.json‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎persistence/sql/batch/.snapshots/Test_buildInsertQueryArgs-case=RecoveryAddress.json‎
Lines changed: 3 additions & 2 deletions b/‎persistence/sql/batch/.snapshots/Test_buildInsertQueryArgs-case=RecoveryAddress.json‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎persistence/sql/identity/persister_identity.go‎
Lines changed: 2 additions & 3 deletions b/‎persistence/sql/identity/persister_identity.go‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎persistence/sql/migrations/sql/20260327101213000000_add_break_glass_to_recovery_addresses.cockroach.down.sql‎
Lines changed: 1 addition & 0 deletions b/‎persistence/sql/migrations/sql/20260327101213000000_add_break_glass_to_recovery_addresses.cockroach.down.sql‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎persistence/sql/migrations/sql/20260327101213000000_add_break_glass_to_recovery_addresses.cockroach.up.sql‎
Lines changed: 1 addition & 0 deletions b/‎persistence/sql/migrations/sql/20260327101213000000_add_break_glass_to_recovery_addresses.cockroach.up.sql‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎persistence/sql/migrations/sql/20260327101213000000_add_break_glass_to_recovery_addresses.down.sql‎
Lines changed: 1 addition & 0 deletions b/‎persistence/sql/migrations/sql/20260327101213000000_add_break_glass_to_recovery_addresses.down.sql‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎persistence/sql/migrations/sql/20260327101213000000_add_break_glass_to_recovery_addresses.mysql.down.sql‎
Lines changed: 1 addition & 0 deletions b/‎persistence/sql/migrations/sql/20260327101213000000_add_break_glass_to_recovery_addresses.mysql.down.sql‎
Lines changed: 1 addition & 0 deletions
@@ -13,6 +13,8 @@ import (
 	"github.com/ory/jsonschema/v3"
 	_ "github.com/ory/jsonschema/v3/fileloader"
 
+	"github.com/gofrs/uuid"
+
 	"github.com/ory/kratos/schema"
 	"github.com/ory/kratos/x"
 
@@ -22,6 +24,7 @@ import (
 
 func TestSchemaExtensionRecovery(t *testing.T) {
 	iid := x.NewUUID()
+	breakGlassOrgID := uuid.NullUUID{UUID: x.NewUUID(), Valid: true}
 	for k, tc := range []struct {
 		expectErr   error
 		schema      string
@@ -210,6 +213,46 @@ func TestSchemaExtensionRecovery(t *testing.T) {
 			// We get 2 errors: one from the JSON schema `format` validation and one from the Go validation.
 			expectErr: errors.New("I[#/telephoneNumber] S[#/properties/telephoneNumber] validation failed\n  I[#/telephoneNumber] S[#/properties/telephoneNumber/format] \"foobar\" is not valid \"tel\"\n  I[#/telephoneNumber] S[#/properties/telephoneNumber/format] \"foobar\" is not valid \"tel\""),
 		},
+		{
+			description: "break_glass_for_organization preserved on existing recovery address",
+			doc:         `{"username":"foo@ory.sh"}`,
+			schema:      "file://./stub/extension/recovery/email.schema.json",
+			expect: []RecoveryAddress{
+				{
+					Value:                     "foo@ory.sh",
+					Via:                       AddressTypeEmail,
+					IdentityID:                iid,
+					BreakGlassForOrganization: breakGlassOrgID,
+				},
+			},
+			existing: []RecoveryAddress{
+				{
+					Value:                     "foo@ory.sh",
+					Via:                       AddressTypeEmail,
+					IdentityID:                iid,
+					BreakGlassForOrganization: breakGlassOrgID,
+				},
+			},
+		},
+		{
+			description: "break_glass null preserved on existing recovery address",
+			doc:         `{"username":"foo@ory.sh"}`,
+			schema:      "file://./stub/extension/recovery/email.schema.json",
+			expect: []RecoveryAddress{
+				{
+					Value:      "foo@ory.sh",
+					Via:        AddressTypeEmail,
+					IdentityID: iid,
+				},
+			},
+			existing: []RecoveryAddress{
+				{
+					Value:      "foo@ory.sh",
+					Via:        AddressTypeEmail,
+					IdentityID: iid,
+				},
+			},
+		},
 	} {
 		t.Run(fmt.Sprintf("case=%d description=%s", k, tc.description), func(t *testing.T) {
 			id := &Identity{ID: iid, RecoveryAddresses: tc.existing}
 
@@ -24,6 +24,12 @@ type (
 		// required: true
 		Via string `json:"via" db:"via"`
 
+		// BreakGlassForOrganization, when set to an organization ID, allows this
+		// recovery address to bypass SSO enforcement for that organization. This
+		// enables designated users to recover their account via email when the
+		// SSO provider is unavailable.
+		BreakGlassForOrganization uuid.NullUUID `json:"break_glass_for_organization,omitzero" db:"break_glass_for_organization"`
+
 		// IdentityID is a helper struct field for gobuffalo.pop.
 		IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
 		// CreatedAt is a helper struct field for gobuffalo.pop.
@@ -39,7 +45,7 @@ func (a RecoveryAddress) GetID() uuid.UUID  { return a.ID }
 
 // Signature returns a unique string representation for the recovery address.
 func (a RecoveryAddress) Signature() string {
-	return fmt.Sprintf("%v|%v|%v|%v", a.Value, a.Via, a.IdentityID, a.NID)
+	return fmt.Sprintf("%v|%v|%v|%v|%v", a.Value, a.Via, a.BreakGlassForOrganization, a.IdentityID, a.NID)
 }
 
 func NewRecoveryEmailAddress(
 
@@ -42,10 +42,12 @@ func TestRecoveryAddress_Hash(t *testing.T) {
 				IdentityID: x.NewUUID(),
 				NID:        x.NewUUID(),
 			},
-		}, {
+		},
+		{
 			name: "empty fields",
 			a:    RecoveryAddress{},
-		}, {
+		},
+		{
 			name: "email constructor",
 			a:    *NewRecoveryEmailAddress("foo@ory.sh", x.NewUUID()),
 		},
@@ -60,10 +62,24 @@ func TestRecoveryAddress_Hash(t *testing.T) {
 				IdentityID: x.NewUUID(),
 				NID:        x.NewUUID(),
 			},
-		}, {
+		},
+		{
 			name: "SMS constructor",
 			a:    *NewRecoverySMSAddress("6502530000", x.NewUUID()),
 		},
+		{
+			name: "break glass for organization",
+			a: RecoveryAddress{
+				ID:                        x.NewUUID(),
+				Value:                     "breakglass@ory.sh",
+				Via:                       AddressTypeEmail,
+				CreatedAt:                 time.Now(),
+				UpdatedAt:                 time.Now(),
+				IdentityID:                x.NewUUID(),
+				NID:                       x.NewUUID(),
+				BreakGlassForOrganization: uuid.NullUUID{UUID: x.NewUUID(), Valid: true},
+			},
+		},
 	}
 
 	for _, tc := range cases {
@@ -74,5 +90,4 @@ func TestRecoveryAddress_Hash(t *testing.T) {
 			)
 		})
 	}
-
 }
@@ -1,7 +1,8 @@
 {
   "TableName": "\"identity_recovery_addresses\"",
-  "ColumnsDecl": "\"created_at\", \"id\", \"identity_id\", \"nid\", \"updated_at\", \"value\", \"via\"",
+  "ColumnsDecl": "\"break_glass_for_organization\", \"created_at\", \"id\", \"identity_id\", \"nid\", \"updated_at\", \"value\", \"via\"",
   "Columns": [
+    "break_glass_for_organization",
     "created_at",
     "id",
     "identity_id",
@@ -10,5 +11,5 @@
     "value",
     "via"
   ],
-  "Placeholders": "(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?)"
+  "Placeholders": "(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?)"
 }
@@ -1,7 +1,8 @@
 {
   "TableName": "\"identity_recovery_addresses\"",
-  "ColumnsDecl": "\"created_at\", \"id\", \"identity_id\", \"nid\", \"updated_at\", \"value\", \"via\"",
+  "ColumnsDecl": "\"break_glass_for_organization\", \"created_at\", \"id\", \"identity_id\", \"nid\", \"updated_at\", \"value\", \"via\"",
   "Columns": [
+    "break_glass_for_organization",
     "created_at",
     "id",
     "identity_id",
@@ -10,5 +11,5 @@
     "value",
     "via"
   ],
-  "Placeholders": "(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?)"
+  "Placeholders": "(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?),\n(?, ?, ?, ?, ?, ?, ?, ?)"
 }
@@ -1426,9 +1426,8 @@ func (p *IdentityPersister) FindAllRecoveryAddressesForIdentityByRecoveryAddress
 	//
 	// This is all done in one query with a self-join.
 	// We also bound the results for safety.
-	err = p.GetConnection(ctx).RawQuery(
-		`
-SELECT A.id, A.via, A.value, A.identity_id, A.created_at, A.updated_at, A.nid
+	err = p.GetConnection(ctx).RawQuery(`
+SELECT A.id, A.via, A.value, A.identity_id, A.created_at, A.updated_at, A.nid, A.break_glass_for_organization
 FROM identity_recovery_addresses A
 JOIN identity_recovery_addresses B
 ON A.identity_id = B.identity_id
 
@@ -0,0 +1 @@
+ALTER TABLE identity_recovery_addresses DROP COLUMN IF EXISTS break_glass_for_organization;
@@ -0,0 +1 @@
+ALTER TABLE identity_recovery_addresses ADD COLUMN IF NOT EXISTS break_glass_for_organization UUID;
@@ -0,0 +1 @@
+ALTER TABLE identity_recovery_addresses DROP COLUMN break_glass_for_organization;
@@ -0,0 +1 @@
+ALTER TABLE identity_recovery_addresses DROP COLUMN break_glass_for_organization;
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ALTER TABLE identity_recovery_addresses DROP COLUMN IF EXISTS break_glass_for_organization;`