https://www.ory.sh/ logo
h

hundreds-addition-23490

03/16/2022, 11:28 AM
Hello Everyone, I am new to Kratos and I want to know what are the best practices to define an identity schema. Should I store profile information in schema or should I store it in application backend?
m

magnificent-energy-493

03/16/2022, 2:02 PM
Hello @User This depends on your security requirements, but in general it is a best practice to not store more information in the identity schema than is needed. So ideally all business-related information you can store in application backend and everything that is needed for auth you should store in the identity schema. there are no hard & fast rules to this, there might be expections where it makes a lot of sense to store more information in the identity schema. be aware that (currently) users can view and modify identity traits - there is an issue open to provide more control here: https://github.com/ory/kratos/issues/47
1