Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> why does kratos created a password identifier when the user is only using oidc to authenticate? 

I'm sorry, but the knowledge sources do not explicitly explain why Ory Kratos would create a password identifier when a user is only using OIDC to authenticate. The documentation describes that each credential type (such as `password` or `oidc`) maintains its own set of unique identifiers, and that identifiers must be unique within each credential type. It also shows that it is possible for an identity to have both `password` and `oidc` credentials, each with their own identifiers, but it does not clarify why a password identifier would be created if only OIDC is used for authentication [Credentials](<https://www.ory.sh/docs/kratos/concepts/credentials>).  If you are seeing a password identifier being created in your setup, it may be due to a specific configuration or flow in your implementation, but this behavior is not detailed in the provided documentation.