Based on the knowledge sources, identities created in Ory Kratos via email-password and OIDC (OpenID Connect) are separate identities by default, but they can be linked together. When a user registers using either the password method or the OIDC method (such as "Sign in with Google"), a unique identity is created in the system. Each identity has its own unique identifier (UUID) and can have different authentication methods associated with it. Ory Kratos supports multiple authentication methods for identities, including: -

password

for signing in with email/username and password -

oidc

for social sign-in providers like Google or Facebook -

passkey

,

code

, and other methods [Login documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-login) shows that these are different methods that can be enabled or disabled in the configuration. There is evidence of issues with linking accounts. For example, in a GitHub issue, a user reported problems when trying to link a Google account to an existing account: > "I register an account using oidc with email A. Then I set a password for my account. After that, I unlink and link with other email B. But the trait and metadata are not updated with information from email B." Additionally, another GitHub discussion confirms that email addresses must be unique across the system: > "I can successfully login to provider A, but when logging in to provider B with the same email address I get the error message 'You tried to sign in with "some-email@test.com", but that email is already used by another account'. A button with the text 'Confirm with provider A' is the only option." The official response to this was: > "No its not possible to circumvent this because the email address must be unique. You could potentially circumvent this with multiple Ory Network projects / multiple Ory Kratos instances, but it is not documented." This indicates that Ory Kratos enforces email uniqueness across all identity types, and if you try to create an OIDC identity with an email that already exists for a password-based identity, you'll be prompted to link the accounts rather than creating a separate identity. In summary, while password and OIDC methods create different types of credentials for identities, the system treats them as potentially the same user if they share the same email address, and offers account linking rather than creating duplicate identities.