Hi sorry for repeating the question but I didn t get the ans Ory Community #talk-kratos

Hi, sorry for repeating the question, but I didn't...

faint-energy-48611

08/02/2022, 1:07 PM

Hi, sorry for repeating the question, but I didn't get the answer for a week 😅 Is it possible to have multiple identity identifiers in ORY Kratos? I want to allow my users to sign in using either email/password, or email/security key, or both

bulky-greece-49863

08/02/2022, 2:10 PM

The identifier would be the email in both cases

faint-energy-48611

08/02/2022, 4:23 PM

okay, but is it possible to login to the same account using either password OR security key?

faint-energy-48611

08/02/2022, 4:24 PM

To qlarify, is it possible to setup BOTH password and security key as login methods?

wonderful-lamp-2357

08/03/2022, 9:57 AM

Hey there! By

security key

you mean a WebAuthN physical device like a USB key?

wonderful-lamp-2357

08/03/2022, 10:08 AM

I think that both methods can be used at the same time. You still must provide the email to ID the user that’s going to provide the webauthn input

wonderful-lamp-2357

08/03/2022, 10:11 AM

Have a look at this doc to learn about using webauth for signing in https://www.ory.sh/docs/guides/passwordless/webauthn

wonderful-lamp-2357

08/03/2022, 10:11 AM

hope that answers your question 🙂 if not, please let me know

faint-energy-48611

08/03/2022, 5:02 PM

Hi @wonderful-lamp-2357, yes, exactly - I mean webauthn. What I try to do is, allow the user to set up an additional login method, so that, for example, while already having an email/password method set up, he would be able to register an email/security key method as well. I am not talking about security key as a second factor though!

faint-energy-48611

08/03/2022, 5:03 PM

I have checked the documentation, but it only describes how to implement one of those methonds, not both at the same time :<

wonderful-lamp-2357

08/03/2022, 5:07 PM

I was able to achieve that in Ory Cloud without any issues so I think that you won't have problems getting the same results when self hosting a Kratos instance :) Have a look at the “full config” tab in the document I linked to - it shows what the Kratos configuration should look like to have webauthn enabled

wonderful-lamp-2357

08/03/2022, 5:08 PM

Then make sure to mark webauthn as an identifier in your identity schema, just like you mark email

faint-energy-48611

08/03/2022, 5:09 PM

Won't it make webauthn the only identifier though? (I have the same config setup already for webauthn authentication)

wonderful-lamp-2357

08/03/2022, 5:10 PM

So you're already using webauthn for 2fa?

wonderful-lamp-2357

08/03/2022, 5:15 PM

I played around with this in Ory Cloud as I said, but here’s my Kratos (Identity Service) config when it comes to `webauthn`:

Copy code

webauthn:
      config:
        passwordless: true
        rp:
          display_name: SOME_NAME
          id: redacted
          origin: redacted
      enabled: true

wonderful-lamp-2357

08/03/2022, 5:17 PM

and here’s some of the schema I use

Copy code

"<http://ory.sh/kratos|ory.sh/kratos>": {
            "credentials": {
              "password": {
                "identifier": true
              },
              "webauthn": {
                "identifier": true
              },

wonderful-lamp-2357

08/03/2022, 5:18 PM

I hope this helps! Let me know if you need more assistance, maybe I’ll get someone with more technical background to help you out. 😅

faint-energy-48611

08/04/2022, 3:36 AM

identity schema is indeed helpful, thanks a lot!

2 Views

Open in Slack

Previous Next