https://www.ory.sh/ logo
#talk-kratos
Title
# talk-kratos
m

millions-van-11508

04/01/2022, 6:19 AM
In a perfect world, I'd be able to use Kratos for social sign-in with the following features: 1. Trivial linking of multiple social logins 2. Able to link social logins that use different emails a. e.g. github with abc@gmail.com and google with xyz@gmail.com linked to the same Kratos identity 3. Able to have different identities for different social logins with the same email a. e.g. github with abc@gmail.com and google with abc@gmail.com linked to different Kratos identities 4. Able to link social logins of the same site with different emails a. e.g. github with abc@gmail.com and github with xyz@gmail.com linked to the same Kratos identity 5. Able to link already-registered social logins a. Implies being able to merge existing Kratos identities 6. Able to register with a social login without reading user email at all Can someone from Ory chime in on how realistically I can achieve each of these with Kratos now or in the foreseeable future?
1
t

thankful-eye-36765

04/01/2022, 7:56 AM
I am also looking for the same answers.
m

magnificent-energy-493

04/02/2022, 7:07 AM
Hey folks, apologies for the late answer.
Can someone from Ory chime in on how realistically I can achieve each of these with Kratos now or in the foreseeable future?
tl;dr: Yes you can achieve this with Ory Kratos right now 😉 1. Trivial linking of multiple social logins Yes that is possible, see this document. 2. Able to link social logins that use different emails a. e.g. github with abc@gmail.com and google with xyz@gmail.com linked to the same Kratos identity That should be no problem, since the primary identifier is the
sub
field (
sub
is linking the OIDC credentials to an identity), see this document.
Copy code
the ID Token body (or the OAuth2 equivalent) returned by the OpenID Connect provider contains:
{
  "sub": "some-identity-id-4hA8gk",
  "email": "<mailto:foo@ory.sh|foo@ory.sh>",
  "website": "<https://www.ory.sh>"
}
which is then being used for the identity's traits.
3. Able to have different identities for different social logins with the same email a. e.g. github with abc@gmail.com and google with abc@gmail.com linked to different Kratos identities Same case as above - interesting use case, do you have a practical example for this one? 4. Able to link social logins of the same site with different emails a. e.g. github with abc@gmail.com and github with xyz@gmail.com linked to the same Kratos identity Same case as above, use the
sub
field which is going to be differen for each gh social. 5. Able to link already-registered social logins a. Implies being able to merge existing Kratos identities You cant merge them directly, but you can create and update identities: https://www.ory.sh/docs/kratos/admin/managing-users-identities#operation/getVersion 6. Able to register with a social login without reading user email at all Sure, just leave it out in the claims.
❤️ 1
👍 1
🙌 1
h

high-optician-2097

04/02/2022, 10:19 AM
Thank you vincent, great answer! 🙂
m

millions-van-11508

04/02/2022, 1:01 PM
Thank you very much for the comprehensive response!
9 Views