< chilly king 10285> Hi I have a usecase where I want users Ory Community #ory-copilot

<@U04UQ68083H> Hi, I have a usecase where I want u...

gray-beach-42495

10/13/2024, 1:23 PM

@chilly-king-10285 Hi, I have a usecase where I want users to be able to create identity with: • a field user_info

{customerId:number, username: string}

, email and password. And treat user_info as unique identifier • Google SSO However I'm facing an issue where if a user has an email already registered with oidc(google) it gives this error`{\"error\":{\"code\":409,\"status\":\"Conflict\",\"request\":\"29b67d3e-a694-9095-ae6c-5941fe981825\",\"reason\":\"This identity conflicts with another identity that already exists.\",\"message\":\"The resource could not be created due to a conflict\"}}` when i try creating a user with password and user_info. In short, is there a way to treat user_info as unique identifier and not the email (which seems to be the case right now) Identity schema:

Copy code

{
  "$id": "test-identity",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "user_info": {
          "type": "object",
          "title": "User Information",
          "properties": {
            "username": {
              "type": "string",
              "title": "Username",
              "maxLength": 100
            },
            "customer_id": {
              "type": "number",
              "title": "Customer Id"
            }
          },
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "credentials": {
              "password": {
                "identifier": true
              },
              "webauthn": {
                "identifier": true
              },
              "totp": {
                "account_name": true
              }
            }
          }
        },
        "email": {
          "type": "string",
          "format": "email",
          "title": "E-Mail",
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "recovery": {
              "via": "email"
            },
            "verification": {
              "via": "email"
            }
          },
          "maxLength": 320
        }
      },
      "required": [
        "user_info",
        "email"
      ],
      "additionalProperties": false
    }
  },
  "$schema": "<http://json-schema.org/draft-07/schema#>"
}

brief-egg-61061

10/13/2024, 1:23 PM

A message from kapa.ai

brief-egg-61061

10/13/2024, 1:24 PM

Based on the information provided in the knowledge sources, Ory Kratos allows you to define custom identity schemas and set specific fields as identifiers. However, it's important to note that each identifier must be universally unique. If you try to create or update an identity with an identifier that already exists, the system will reject the request with a 409 Conflict state. This is likely the reason you're seeing the conflict error when trying to create a user with an email already registered with Google SSO. In your case, you want to treat

user_info

as a unique identifier. However, your current schema seems to be setting both

user_info

and

email

as identifiers. If you want to treat

user_info

as the unique identifier and not the email, you should remove the

identifier: true

line from the

email

field in your schema. Here's an example of how you might modify your schema:

Copy code

json
{
  "$id": "test-identity",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "user_info": {
          "type": "object",
          "title": "User Information",
          "properties": {
            "username": {
              "type": "string",
              "title": "Username",
              "maxLength": 100
            },
            "customer_id": {
              "type": "number",
              "title": "Customer Id"
            }
          },
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "credentials": {
              "password": {
                "identifier": true
              },
              "webauthn": {
                "identifier": true
              },
              "totp": {
                "account_name": true
              }
            }
          }
        },
        "email": {
          "type": "string",
          "format": "email",
          "title": "E-Mail",
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "recovery": {
              "via": "email"
            },
            "verification": {
              "via": "email"
            }
          },
          "maxLength": 320
        }
      },
      "required": [
        "user_info",
        "email"
      ],
      "additionalProperties": false
    }
  },
  "$schema": "<http://json-schema.org/draft-07/schema#>"
}

Please note that this change will make the

email

field no longer serve as an identifier for password-based authentication. It will still be used for recovery and verification purposes. Also, keep in mind that the

user_info

object as a whole is being treated as the identifier in this schema, not the individual

username

and

customer_id

fields. If you want each of these fields to be unique identifiers, you would need to set

identifier: true

for each of them individually. Finally, remember that changing the identity schema can have significant implications for your application, so it's important to thoroughly test these changes before deploying them to a production environment.

brief-egg-61061

10/13/2024, 1:24 PM

New message text here

gray-beach-42495

10/13/2024, 1:26 PM

@chilly-king-10285 i have the same identity schema as you provided and it still treats email as unique identifier

brief-egg-61061

10/13/2024, 1:26 PM

A message from kapa.ai

brief-egg-61061

10/13/2024, 1:26 PM

New message text here

3 Views

Open in Slack

Previous Next