Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hey! Is it possible to patch the identity's password from the admin API? I've tried the patch identity endpoint but using the JSON path I can only access the hashed_password or password (plain text) fields. I don't think it's appropriate to replicate the Kratos hashing of password strings in my code and assume the plain text isn't magically hashed and ported to the hashed_password field(that would be too easy haha).

Hello <@U050CM88EA1>

Can you elaborate a bit more on the use case?

We have designed the password patching mainly for the “importing existing identities” use case.
If the user credential should be updated, we usually assume the user would do this themselves using a “settings” flow.

I'm designing functionality where a logged in (i.e session verified) user can update their password in their Account Settings using a simple text input.

The reason for wanting to avoid the settings flow is to simplify the user journey and not take them away from their current page into my auth service.