Yes, you can use Ory Network to generate ID Tokens with user traits. The Ory API provides a method to update the registration flow where you can use the

traits

field to populate the identity's traits. This is particularly useful as some providers, like Apple, only include the user's email in the ID Token. Here is an example from the API reference:

json {   'traits': {     'description': 'The identity traits',      'type': 'object'   } }

This field must be populated with the identity traits you want to include in the ID Token. Please note that the

traits

field is part of the request body for the

updateRegistrationFlow

method in the Ory API. For more details, you can refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api).

To generate ID Tokens with Ory Network, you can use the social sign-in feature. Here's a step-by-step guide on how to integrate Google SDK with Ory, which results in a signed `id_token`: 1. Configure a Google social sign-in provider in Ory using the same

client_id

as used in your native app. 2. Optional: Android apps generate different token audiences per distribution (debug, release, etc.). You can add the ID of your current distribution to the

additional_id_token_audiences

field. 3. If your SDK supports nonce validation, make sure to use a generated value and submit that during the next step. 4. Obtain an

id_token

from Google using the Google SDK. Make sure to also submit the

nonce

if you generated one in the step before. 5. Submit the

id_token

and

nonce

(as the

id_token_nonce

) as part of the

updateRegistrationFlow

or

updateLoginFlow

request to Ory. 6. Ory will validate the

id_token

and create an identity and optionally a session (if configured). The

id_token

is verified using Google's publicly available signing keys, available under https://www.googleapis.com/oauth2/v3/certs. For managing user traits post-signup, you can use the Ory Identities Admin API. Traits are the data associated with an identity and can be modified by the identity owner or by users with Admin API access. Ory uses JSON Schema to validate Identity traits. You can modify these traits as per your requirements. Here's an example of how to create an identity and set its traits using a POST request:

bash curl --request POST -sL \     --header "Authorization: Bearer ory_pat_xRKLsFEOUFQFVBjd6o3FQDifaLYhabGd" \     --header "Content-Type: application/json" \     --data '{     "schema_id": "<preset://email>",     "traits": {       "email": "[[email protected]]"     }   }' <https://playground.projects.oryapis.com/admin/identities>

For more details, you can refer to the [Ory Documentation](https://www.ory.sh/docs/kratos/social-signin/google#using-the-google-sdk-on-native-apps) and [Ory API Reference](https://www.ory.sh/docs/reference/api).

@chilly-king-10285 what about using ory as idp ? no social logins

Yes, you can use Ory as an Identity Provider (IdP) without relying on social logins. Ory follows the OAuth2/OIDC specification, which means you can add Ory OAuth2 as a generic OIDC provider without any extra setup. Here's a step-by-step guide on how to add Ory OAuth2 as a provider: 1. Go to Authentication → Social Sign-In in the [Ory Console](https://console.ory.sh/projects/current/social-signin). 2. Click the Add new OpenID Connect provider button. 3. Define the Label. This name is used for identification purposes only. 4. Paste the configuration details obtained from your social sign-in provider into the corresponding fields in the Console: - Client ID - Client Secret - Issuer URL 5. Copy the Redirect URI from the Console and add it to the OAuth2 client you created earlier. You can do this in the Ory Console or using the Ory CLI. 6. Click Save Configuration to finish. These steps cover the basic configuration of a social sign-in provider integration. At this point, the user experience is incomplete. To complete the configuration and ensure a smooth and secure user experience, configure the [scopes](https://www.ory.sh/docs/kratos/social-signin/ory#scopes) and [data mapping](https://www.ory.sh/docs/kratos/social-signin/ory#data-mapping) as described in the next section. For more details, you can refer to the [Ory Documentation](https://www.ory.sh/docs/kratos/social-signin/ory#setting-up-authentication-through-the-upstream-sso-provider).