# general
b
Hi there! I’m wondering if Kratos provides a mechanism to link OIDC identities that already exist. I know one can link a new OIDC provider to their identity via settings API but I’m wondering if something like this would be possible when two identities already exist in Kratos. Thanks!
m
Oh you also linked that document sry 😄
> when two identities already exist in Kratos
you mean two identities with the same identifier? that is not possible afaict
b
thanks for the reply @magnificent-energy-493! I don’t mean two identities with the same identifier (I don’t think kratos would allow to even have 2 with the same one 🤔 ). I mean the following: Imagine I logged in to the system with my Google account back in the day. I got logged out because I didn’t use the service for a very long time, and I can’t recall which OIDC provider I used the first time, so I wrongly use Apple this second time. When I realised that I used an incorrect provider and that it was not actually my account, I’d like to link both identities (Google and Apple) so they become a common one and I can use both OIDCs to log in to it
is that something that Kratos supports out of the box?
there’s obviously the “easy” approach of 1. delete one of the identities 2. link them via the settings flow now that one of them doesn’t exist
but I was wondering if there’s a better way 😄
m
Hey Noel, thanks for the clarification!
> (I don’t think kratos would allow to even have 2 with the same one 🤔 )
Yes, that is what I meant 😅 In your example, if both identities (Google and Apple) have the same identifier (same email) associated with them, then the automatic account linking should work as far as I can tell.
b
with the same email as identifier it would work yep. I was thinking about different email and the capability of linking
m
Hm I see. IMO in that case you maybe want to do the manual approach via the admin API, since how do you know those two emails are the same identity/user?