Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Adding a flag to the CreateIdentity call or maybe the `IdentityWithCredentialsPassword` struct that toggles password strength enforcement would be very useful.

Hello <@U017406ACES>

I guess the reasoning is that users would use the public API and when you use the admin API you usually dont want these restrictions.

Can you tell us more about the use case - are you using CreateIdentity to create a lot of identities?

But yea I agree having a flag there would be useful for your particular use case - tbh this is the first time I come across it though,.

Hello <@U011D3UQKNY>. The use case is that we have a command line utility that we use to create some accounts. This utility calls into a k8s-hosted container which handles the identity creation. This container and kratos are in the same k8s namespace. I was using CreateIdentity as that seemed like the API endpoint to use. I've since switched to using a Native registration flow - which does implement the password strength enforcement. Is this the correct away to handle this? I'm not sure there is another way to handle non-browser flows...

Did the semantics of CreateIdentity change for v1? We recently, *finally*, updated to v1 from v0.11. Thanks,