# ory-network
b
Hey folks, looking for guidance on how to think about user IDs in hosted Ory Network / Ory Permissions. I'm currently building a POC. The goal of my POC is:
• Replace a small homegrown IDP with Ory Network
• Users will register using Ory's self-service registration UI, and maybe social login in the future
• Use Ory Permissions for simple multitenancy and basic RBAC

When a user registers, Ory creates an ID like `a96513fe-9926-4f86-9e59-469b582ff44d`. My question is, can that ID be treated as a stable/global ID for
• Creating a user stub in our own service, to correlate other objects in our DB to a user
• Ory Permissions recommends subject IDs be UUIDs also

I am considering either:
1. Use a registration `after` hook to create a user stub in my service, with the same UUID as Ory's identity ID (e.g. `a96513fe-9926-4f86-9e59-469b582ff44d`)
   a. Assume that Ory's ID will never change
   b. Use this as a subject ID in Ory Permissions when referring to this user also
2. Use a registration `before` hook to create a user stub in my service, returning an ID generated by my service (e.g. `0ujsszwN8NRY24YaXiTIE2VWDTS`), and storing that in `metadata_admin.service_id`
   a. Use my service ID as the subject ID in Ory Permissions

Any recommendations, or foot-guns that I need to be aware of?
d
this is exactly what we do - we have the Kratos identity ID referenced in our users table, and we have our `user.id` referenced in the Kratos identity’s `metadata_public` property
we use 2 registration webhooks to perform the linking
we use `metadata_public` because we need the client web app to be able to read it
m
> My question is, can that ID be treated as a stable/global ID

Yes, that ID can't be changed after creation and can be used as a global ID.