Hey all, If someone has a minute, I'd like a validation that what I intend to do will work for merging identities, specifically their social credentials. The context is that, through social sign-in, connecting with two new social accounts will create two identities. Later on, we'll allow our users to prove that both accounts belong to them, and we want to merge them into one identity with both social credentials attached. The idea is to merge the credentials from identity A into identity B (we don't care about the content of the identities for now): 1. Fetch the credentials from identity A => using https://www.ory.sh/docs/kratos/reference/api#operation/adminGetIdentity 2. Import the credentials from A into identity B => using https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#social-sign-in-connections 3. Delete identity A => using https://www.ory.sh/docs/kratos/reference/api#operation/adminDeleteIdentity Can that work? Or is there a constraint that does not allow having twice the same social credentials in DB perhaps? Bonus question (I'm just starting to reflect on): how can we avoid race conditions in this multi call flow? 😄

@gray-machine-46287 while we have not seen a similar implementation in the community yet, I think your goal can be achieved. AFAIK there will be know conflict in the database, with the possible exception of database migration in version changes might check for duplicates. Perhaps you can open a GH Issue for that scenario. Regarding the race conditions part, can you go into some more detail about your run time system

Hi Thomas! Thanks for the answer. I'll open a GitHub issue on Kratos for that 👍 An API endpoint for this process would come in handy 😉 But good to know that it should be no problem per se (without the guarantee that no DB schema changes will occur). About the race condition, it's not so much a question of the run time I think. But with the 3 step process above to merge two identites, the step #2 is more or less "saving a new configuration" to the identity. So if two of these processes are running at the same time, for instance, merging A into B, and the other merging C into B - then it' possible that one save overwrite the other. And we end up with A and C deleted, but B only has the credentials from one those deleted identities. I'm sure if this explanation is clear 😅 A theoretical solution would be to "lock" the identity B during the operation, so that we are sure not to lose any data.