<@U04UQ68083H> What is the minimum valid identity ...
# ory-copilot
@chilly-king-10285 What is the minimum valid identity schema I can have if I only want sign in/up with passkey method?
A message from kapa.ai
The minimum valid identity schema for using the passkey method in Ory Kratos would be a schema that defines the field to be used as the display name for the passkey. If you do not define the `passkey.display_name` field, the `webauthn.identifier` will be used as a fallback. If neither is defined, the passkey strategy will not work. Here is an example of a minimum viable identity schema with a passkey display name:

```json
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "title": "Your E-Mail",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "passkey": {
                "display_name": true
              }
            }
          }
        }
      }
    }
  }
}
```
In this example, the `email` field is used as the display name for the passkey. You can replace `email` with any other field you want to use as the display name. Please note that this is a minimum viable schema and you might need to add more fields depending on your application's requirements. For more information, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/passwordless/passkeys#identity-schema).
@chilly-king-10285 When using this config and signing up, I get a random hashed `identifier` instead of the `email`. I can even have multiple users with the same email. What do I need to do to make the identifier unique?
A message from kapa.ai
To ensure that the identifier (in this case, the email) is unique for each user, you need to mark the email field as an identifier in your identity schema. This can be done by adding `"identifier": true` to the `ory.sh/kratos` section of the email field in your schema. Here is an example of how to do this:

```json
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        }
      },
      "additionalProperties": false
    }
  }
}
```
In this schema, the `email` field is marked as an identifier. This means that Ory Kratos will ensure that each user has a unique email. For more information, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/concepts/credentials/username-email-password#custom-identity-schema).
@chilly-king-10285 But I don't want `password` method, only passkey.
A message from kapa.ai
I apologize for the confusion. If you want to use the passkey method without the password method, you should adjust the identity schema accordingly. However, the provided knowledge sources do not specify how to mark the email as a unique identifier specifically for the passkey method. The example provided in the knowledge sources shows how to set the display name for the passkey method, but it does not specify how to enforce uniqueness of the email field for the passkey method:

```json
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "title": "Your E-Mail",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "passkey": {
                "display_name": true
              }
            }
          }
        }
      }
    }
  }
}
```
For more detailed information on how to enforce uniqueness of the email field for the passkey method, I would recommend checking the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/) or reaching out to the Ory community for support.