Not all providers following standards: It’s seems like not all providers follow the OIDC standard (like Auth0, Salesforce, …). If you need to configure a custom provider with Ory Kratos, there is no way to add tailor those checks and configure them to expect a different format. — Would you be happy to accept a PR that either: • Adds more defensive validation of the

updated_at

of the user info endpoint field (e.g. accepting both an ISO and a Unix timestamp) • Or a parameter that allows you to customise per provider what format

updated_at

should have This is right now blocking the integration with one large customer of ours. We may want to contribute a change to Ory to enable that.

I think accepting more formats for the fields is fine. WDYT @refined-kangaroo-48640?

We may be able to solve this in the Jsonnet snippet, right?

I’m not whether Jsonnet would be able to solve it (not an expert here) but wouldn’t it have to be able to convert an ISO 8601 timestamp to a Unix as done here? https://github.com/ory/kratos/blob/7c5299f1f832ebbe0622d0920b7a91253d26b06c/selfservice/strategy/oidc/provider_auth0.go#L129 By the way, I haven’t found the Jsonnet that would have to be adjusted … I hides well

Yes, correct. I've found an implementation in jsonnet here: https://github.com/jsonnet-libs/xtd/blob/63d430b69a95741061c2f7fc9d84b1a778511d9c/date.libsonnet#L102

@refined-kangaroo-48640 did you have the chance to discuss it already? We are really keen on pushing this topic next (or the following) week ☺️

Could you create a ticket with a problem statement (essentially the message you posted here) in

ory/kratos

? Then we can take it into our internal plannings and discuss there.

I’ve thought about this more and the pure jsonnet solution is not cool because of leap seconds.