# talk-kratos
If I log in via OIDC with an ID token, it appears that Kratos will only use the first login to fill in the identity profile. For example, I put first name and last name in my ID token and my schema. On initial login, the identity object gets created, including first name and last name. But on subsequent login attempts, any changes in the ID token do not cause the Kratos identity to be updated. Is there any way to cause the identity to be updated? This is my configuration:
```yaml
selfservice:
  flows:
    registration:
      after:
        oidc:
          hooks:
            - hook: session
  methods:
    oidc:
      config:
        providers:
          - id: generic
            provider: generic
            client_id: "https://XXXXXXXX"
            client_secret: "blah"
            issuer_url: https://XXXXXXXXX
            mapper_url: file:///etc/config/mapper.generic.jsonnet
            claims_source: id_token
      enabled: true
```
Also, it appears that the subject of the ID token is effectively the key? Only changing the subject of the ID token causes a new Identity to be created. This is actually fine. In my case, email doesn’t matter, but this ID does.