# talk-kratos
b
Hello! We are using Hydra+Kratos self-hosted. We are currently facing an issue where we used to have a Microsoft provider, but needed to change the client_id+client_secret for it. This caused an error in which the user has to authorize Microsoft again (expected), but when they do, they get an error that an account with the same identifier already exists. We tried looking into the kratos db to see if we find anything related to the Microsoft provider in the identities, but couldn't find anything. So what I believe is happening is that Kratos somehow knows that the user is not associated with that specific Microsoft app id and tries to create another, which fails because it has the same email. However I'm not sure this is the case, as we couldn't find the relation between Microsoft client_id and identity. Here is how the provider is configured:
oidc:
    config:
        providers:
              - id: microsoft
                provider: microsoft
                client_id: AAAAAAAAAAAAAAAAAAAAAAAAA
                client_secret: XXXXXXXXXXXXXXXXXXXXXXXX
What we changed was these client_id and client_secret. So, my question is, is this really what is happening? Regarding Kratos trying to create a new user. If so, any idea how we could fix it? Thanks in advance!
m
Hello @bland-truck-22198, not sure why it happens, but you should be able to update the identity to remove the OIDC credential and then let the user re-add it again. But I guess it also depends on how you use Hydra+Kratos together - things can get more complex with OAuth2 flows in the mix.