# general
d
Request looks like this using the go client
```go
updateIdentityBody := oryclient.UpdateIdentityBody{
  Credentials: &oryclient.IdentityWithCredentials{
    Oidc: &oryclient.IdentityWithCredentialsOidc{
      Config: &oryclient.IdentityWithCredentialsOidcConfig{
        Providers: []oryclient.IdentityWithCredentialsOidcConfigProvider{
          oryclient.IdentityWithCredentialsOidcConfigProvider{
            Provider: "microsoft",
            Subject:  azureUser.Id,
          },
        },
      },
    },
  },
  SchemaId: orySchemaId,
  State:    oryclient.IDENTITYSTATE_ACTIVE,
  Traits: map[string]interface{}{
    "email": azureUser.Mail,
    "name": map[string]string{
      "first": azureUser.GivenName,
      "last":  azureUser.Surname,
    },
  },
}
```
Is it a bug from a unique constraint on oidc subject maybe? We’re using the `subject_source: "me"` setting.
Patch cannot be used on credentials, so no workaround that way either.
b
I think PUT (update) expects the whole identity to be supplied. Did you try adding the password credential as well? Either way, the 409 looks weird in this case. Do you get any other message from that?
d
Searching the archives I see multiple posts about 409s on PUT/update. This is exactly the same body as I use in create identity. Also, is there any way to remove the password credential? I want to force my users to use SSO. From the docs it seems like password can’t be deleted:
Delete an identity credential by its type You can only delete second factor (aal2) credentials.
b
Ah, hm, I don’t think so. Though, from reading your use case, I think it might make sense to allow that. Could you open an issue in ory/network or ory/kratos? 🙂 Thank you.
d
Ok!
Do you think I can create an identity schema without password and then update the user's identity schema to achieve this?
From docs:
Each credential - regardless of its type - has one or more identifiers attached to it. Each identifier is universally unique. Assuming we had one identity with credentials

```yaml
credentials:
  password:
    id: password
    identifiers:
      - john.doe@acme.com
```

and tried to create (or update) another identity with the same identifier (john.doe@acme.com), the system would reject the request with a 409 Conflict state.
It’s coming from a unique constraint in identifier.
Reason is that I updated a user with oidc credentials with the same oidc credentials, tripping a unique constraint.