Based on the knowledge sources, there isn't explicit documentation showing how to disable only the OIDC settings flow while keeping other settings flows enabled. The settings flow in Ory Kratos supports multiple methods including

password

,

oidc

, and

profile

, which can be individually enabled or disabled in the configuration:

yaml selfservice:   methods:     password:       enabled: true     oidc:       enabled: false  # Disable OIDC method     profile:       enabled: true   # ...

By setting

oidc.enabled

to

false

as shown above, you can disable the OIDC method in the settings flow while keeping other methods like password and profile enabled [Settings and profile updates](https://www.ory.sh/docs/kratos/self-service/flows/user-settings). This configuration would prevent users from linking or unlinking social sign-in providers (like Google, Facebook, GitHub) in their settings, while still allowing them to update their password and profile information. Note that while it's possible to disable the entire settings flow, the knowledge sources don't specifically mention a GUI option for disabling individual methods within the settings flow through the Ory Console UI, though this can be done through configuration as shown above.

@chilly-king-10285 wouldn’t that block OIDC as a method for login/registration?

No, disabling OIDC in the settings flow would not block OIDC as a method for login and registration. The configuration for each flow is separate in Ory Kratos. In Ory Kratos, the self-service flows (registration, login, and settings) have their own method configurations. You can enable or disable methods independently for each flow:

yaml selfservice:   methods:     password:       enabled: true     oidc:       enabled: true  # This enables OIDC for login/registration   flows:     settings:       # Configuration specific to settings flow

The issue mentioned in GitHub issue #4185 actually highlights this separation - a user reported that they could register and login with both password and OIDC methods, but when they tried to use the settings flow to link their password-based account with Google, the OIDC option wasn't available in the settings flow [Settings flow does not have

link

option with OIDC & Password methods enabled](https://github.com/ory/kratos/issues/4185). An Ory team member confirmed this is a limitation in the API flows, stating: "While we do support OIDC on native now, we never got around to also adding that support to the settings flow." So you can disable OIDC in the settings flow while keeping it enabled for login and registration flows. The methods configuration applies to all flows, but you can implement additional logic to control which methods are available in specific flows.

New message text here