Hello everyone, I'm setting up the identity schema...
# talk-kratos
b
Hello everyone, I'm setting up the identity schema and I have trouble deciding where to put an internal user id field which is inherited from our old sso and used across our stack. If traits defined as identifier seem to be the way to handle this, they can, by definition, be updated by the identity owner. As we do not want to allow that, I'm looking for an alternative. IMO, public metadata is the right way to handle this but we cannot put a unique constraint on that and as there is no way atm to filter users based on metadata fields we cannot make this check efficiently. I came to the conclusion that using a post webhook on self service flow to control this input is the only way to have a unique field non-editable by the identity owner and searchable with the admin api. Am I looking at the right decision here? Thank you in advance for the support 🙏
h
In my case, my users are autoregistering via OIDC, so the `sub` field is my global user ID, which is probably like your legacy ID. I also put this field in the public metadata as well.
b
All right, thank you for your input 🙏 Some of our users are registered thanks to traditional login, so as far as I have understood these users will not rely on OIDC to log in on our platform.
@magnificent-energy-493 if you have any advice on this approach
All right @magnificent-energy-493, let me know if you are missing anything to provide feedback