millions-van-11508
04/01/2022, 6:19 AMthankful-eye-36765
04/01/2022, 7:56 AMmagnificent-energy-493
Can someone from Ory chime in on how realistically I can achieve each of these with Kratos now or in the foreseeable future?tl;dr: Yes you can achieve this with Ory Kratos right now 😉 1. Trivial linking of multiple social logins Yes that is possible, see this document. 2. Able to link social logins that use different emails a. e.g. github with abc@gmail.com and google with xyz@gmail.com linked to the same Kratos identity That should be no problem, since the primary identifier is the
sub
field (sub
is linking the OIDC credentials to an identity), see this document.
the ID Token body (or the OAuth2 equivalent) returned by the OpenID Connect provider contains:
{
"sub": "some-identity-id-4hA8gk",
"email": "<mailto:foo@ory.sh|foo@ory.sh>",
"website": "<https://www.ory.sh>"
}
which is then being used for the identity's traits.
3. Able to have different identities for different social logins with the same email
a. e.g. github with abc@gmail.com and google with abc@gmail.com linked to different Kratos identities
Same case as above - interesting use case, do you have a practical example for this one?
4. Able to link social logins of the same site with different emails
a. e.g. github with abc@gmail.com and github with xyz@gmail.com linked to the same Kratos identity
Same case as above, use the sub
field which is going to be differen for each gh social.
5. Able to link already-registered social logins
a. Implies being able to merge existing Kratos identities
You cant merge them directly, but you can create and update identities:
https://www.ory.sh/docs/kratos/admin/managing-users-identities#operation/getVersion
6. Able to register with a social login without reading user email at all
Sure, just leave it out in the claims.high-optician-2097
millions-van-11508
04/02/2022, 1:01 PM