# talk-kratos
l
I have an issue with the login flow through OIDC: we have migrated users as identities and login using a password works well, but when we want to log in using SSO it fails because strategy_login doesn't find the entry for the OIDC provider in the database. My issue is that Kratos, through the "hacky" part in strategy login, will then send the user to the registration flow, but it fails as the user already exists with the claims.Email. It never checked that, because it only checked the OIDC provider id using the sub. What would be logical here would be to just link the identity with the provider, as that's what the settings "link account with XXX" does, but we don't have control over that. I don't know how to resolve this:
• do I make a PR to update the "hacky" part to add an additional check in case the login failed using SSO, and try to link the identity with the OIDC provider directly and then continue the flow normally?
• can we provide the claims in a hook context so that we can manually do that in a webhook? But it will still try to push the registration flow even if it's not needed anymore.
Do you have an idea @high-optician-2097?
h
Account linking on registration is not possible by design and due to security concerns. Instead, you could import the user's OIDC credentials from your existing system; I believe this is possible.
l
Yes, it's possible to import them and it works; our issue is that we don't have the id saved for everybody, because our actual auth system first checks for the email (from the claims) and then uses the `sub` part of the claims, where Kratos does the reverse.