# ory-copilot
f
@chilly-king-10285 In Kratos, how can I restrict duplication with the traits (email, phone-number)?
c
A message from kapa.ai
In Ory Kratos, each credential, regardless of its type, has one or more identifiers attached to it. Each identifier is universally unique. If you try to create or update another identity with the same identifier, the system would reject the request with a 409 Conflict state. This ensures that there is no duplication of identifiers within the same credential type. Here's an example of an identity with a unique identifier:
```yaml
credentials:
  password:
    id: password
    identifiers:
      - "[email protected]"
```
If you tried to create (or update) another identity with the same identifier (`[email protected]`), the system would reject the request. However, while credentials must be unique per type, there can be duplicates amongst multiple types. For example:
```yaml
# This is ok:
credentials:
  password:
    id: password
    identifiers:
      - "[email protected]"
  oidc:
    id: oidc
    identifiers:
      - "[email protected]"
```
In this case, the same email address is used as an identifier for both the password and oidc credential types. For more information, you can refer to the [Ory Kratos Concepts documentation](https://www.ory.sh/docs/kratos/concepts/credentials).
f
@chilly-king-10285
```json
{
  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "username": {
          "type": "string",
          "format": "string",
          "title": "username",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        },
        "phone": {
          "type": "string",
          "format": "string"
        },
        "mail": {
          "type": "string",
          "format": "string"
        }
      },
      "required": [
        "username"
      ],
      "additionalProperties": false
    }
  }
}
```
c
A message from kapa.ai
The JSON you've provided is an example of an identity schema in Ory Kratos. This schema defines the data model for your identities, and controls business logic such as which field is used as the identifier when logging in. In this schema, the `username` field is used as the identifier for the password flow. This is indicated by the `"identifier": true` line under the `"password"` field in the `"credentials"` object. This means that the system will use the `username` to sign in a user. The `phone` and `mail` fields are also defined in the schema, but they are not marked as identifiers. This means they will be stored as traits of the user identity, but they won't be used for login. The `username` field is also marked as required, as indicated by the `"required": ["username"]` line. This means that a `username` must be provided when creating an identity. Here's the schema for reference:
```json
{
  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "username": {
          "type": "string",
          "format": "string",
          "title": "username",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        },
        "phone": {
          "type": "string",
          "format": "string"
        },
        "mail": {
          "type": "string",
          "format": "string"
        }
      },
      "required": [
        "username"
      ],
      "additionalProperties": false
    }
  }
}
```
For more information on identity schemas in Ory Kratos, you can refer to the [Ory Kratos Identity Schema documentation](https://www.ory.sh/docs/kratos/manage-identities/identity-schema).
f
```json
{
  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "username": {
          "type": "string",
          "format": "string",
          "title": "username",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        },
        "phone": {
          "type": "string",
          "format": "string"
        },
        "mail": {
          "type": "string",
          "format": "string"
        }
      },
      "required": [
        "username"
      ],
      "additionalProperties": false
    }
  }
}
```
@chilly-king-10285 This is my schema. If I already have an identity with a mail or phone, I want to prevent registration.
c
A message from kapa.ai
In your current schema, the `username` field is set as the identifier for the password credential. This means that the system will prevent the creation of a new identity if the `username` is already in use. However, the `phone` and `mail` fields are not set as identifiers, so the system will not prevent the creation of a new identity if these fields are already in use. If you want to prevent the creation of a new identity when the `phone` or `mail` fields are already in use, you would need to set these fields as identifiers as well. However, Ory Kratos currently only supports one identifier per credential type. This means you can't set both `username` and `phone` (or `mail`) as identifiers for the `password` credential at the same time. If you want to enforce uniqueness for the `phone` and `mail` fields across all identities, you would need to implement this check in your own application logic. When a new user tries to register, you could check if the `phone` or `mail` they provided is already in use, and if so, prevent the registration. For more information on how identifiers work in Ory Kratos, you can refer to the [Ory Kratos Concepts documentation](https://www.ory.sh/docs/kratos/concepts/credentials).