https://www.ory.sh/ logo
#talk-kratos
Title
# talk-kratos
g

glamorous-sunset-68314

04/19/2022, 11:22 AM
Hello, I have Microsoft OAuth2 working. Is there a way to update traits after the user has already authenticated? I need to do another OAuth2 request with a different scope to update the token for IMAP.
m

magnificent-energy-493

04/19/2022, 11:24 AM
g

glamorous-sunset-68314

04/19/2022, 11:27 AM
@User Thanks for your quick reply. So I will have to implement the OAuth2 with the different scope myself (not using Ory Kratos)? I want to send a second OAuth2 request for the token (IMAP) which requires a different scope, after the user has authenticated with Microsoft via the first scope (to get their email).
I don't think there exists a flow for what I'm trying to do, I don't want to use the register flow since the user is already registered but I just want to send OAuth2 request with a different scope via Ory Kratos and update the traits.
m

magnificent-energy-493

04/19/2022, 11:29 AM
I am not sure about OAuth2.0 scopes and so on, but you can use the above to update traits in an Ory Kratos identity. So you • update traits • send another OAuth20 request with different scope to Azure?
g

glamorous-sunset-68314

04/19/2022, 11:31 AM
@User What I'm wanting to do is that Ory Kratos handles the second OAuth2 request for me after registration/login then Ory Kratos updates the traits. Otherwise I will have to implement the OAuth2 endpoints in Golang myself and redirect the user to my API endpoint which then does the OAuth2 and finally updates the traits via the endpoint you linked.
I don't want to do the second option because I want all authentication to go via Ory Kratos
m

magnificent-energy-493

04/19/2022, 1:24 PM
I see, I am not entirely clear how the flow would look. You would do a second login flow to a different OIDC provider? Maybe I am misunderstanding what the use of this second flow is (the user is already authenticated at this point, right?) , but using scopes for access control / permissions is not going to be smooth.
g

glamorous-sunset-68314

04/19/2022, 1:36 PM
@User The provider is Microsoft, it's the same endpoint but with a different scope so I need to define another (same) Microsoft provider in Ory Kratos configuration. I want to be able to call this flow to update the user traits with the IMAP token.
The user is already logged in.
m

magnificent-energy-493

04/19/2022, 1:45 PM
I see. You can try with the generic provider? Or a second Kratos instance (which shares the DB with the first instance) with the different scopes for MS. But I am not 100% sure if this is the best solution…
g

glamorous-sunset-68314

04/19/2022, 1:46 PM
@User The provider is not my problem, the OAuth2 works. But there is no method to send a second OAuth2 request with a different scope using Ory Kratos.
m

magnificent-energy-493

04/19/2022, 1:48 PM
Yea thats why I meant you use 2 Kratos instances configured with different scopes. But I will do some digging into what other solutions might be possible.
g

glamorous-sunset-68314

04/19/2022, 1:48 PM
You can define a second Microsoft provider with a different ID and the different scope that works. But I need a way to call this provider in React.
There is only register/login nothing to send to the provider and update the traits
m

magnificent-energy-493

04/19/2022, 1:52 PM
Ok I see now your problem. What about a second login flow with the different provider?
g

glamorous-sunset-68314

04/19/2022, 1:59 PM
@User The user is already logged in, I just need to update the traits, is that possible by submitting another login?
m

magnificent-energy-493

04/19/2022, 2:47 PM
Since you need to do a second flow to the same provider I think a second login flow would be a good option. (is there some way to do this in one flow? that would eliminate the problem IMO)
4 Views