How do I prevent a user from being able to edit th...
# talk-kratosa
aloof-oxygen-62624
11/15/2022, 2:11 PMHow do I prevent a user from being able to edit their account details?
s
steep-lamp-91158
11/15/2022, 2:56 PM
there is
traitsmetadata_publicmetadata_admina
aloof-oxygen-62624
11/15/2022, 3:09 PMThanks 👍
aloof-oxygen-62624
11/15/2022, 3:10 PMAnd a follow-up question, the user is created via a Microsoft login. If I define those Jsonnet mappers between metadata and the claims returned by Microsoft and one of the claims has changed, will it be automatically updated in Kratos?
aloof-oxygen-62624
11/15/2022, 3:10 PM@steep-lamp-91158
s
steep-lamp-91158
11/15/2022, 3:13 PM
I don't think it will... but pretty sure there is an issue already for this
a
aloof-oxygen-62624
11/15/2022, 3:14 PMDo you happen to have a link?
s
steep-lamp-91158
11/15/2022, 3:14 PM
https://github.com/ory/kratos/issues/2326
and possibly more are somewhat related
a
aloof-oxygen-62624
11/15/2022, 3:15 PMAh, thats bad. Has any work been done in that direction?
s
steep-lamp-91158
11/15/2022, 3:16 PM
I don't think so
steep-lamp-91158
11/15/2022, 3:16 PM
but you can comment on any suiting issue, and if you are using Ory Network we can prioritize the issue
a
aloof-oxygen-62624
11/15/2022, 3:17 PMI am using Ory Network, but only the free version
aloof-oxygen-62624
11/15/2022, 3:19 PMSince it's possible to retrieve a user's social login OIDC token though, it should be possible to run the Jsonnet on a different server and then update the user remotely
s
steep-lamp-91158
11/15/2022, 3:20 PM
yes I think there is some workarounds you can do
a
aloof-oxygen-62624
11/15/2022, 3:26 PMThis also means that any changes to a jsonnet mapper wont get propagated to existing users, meaning user schemas will fall out of sync...
s
steep-lamp-91158
11/15/2022, 3:50 PM
the whole concept needs some kind of migration for cases where you update the schema or mapper or similar
same as migrations in document based databases
steep-lamp-91158
11/15/2022, 3:50 PM
effectively it is a document based database
a
aloof-oxygen-62624
11/15/2022, 3:56 PMSince our user data is completely read-only and set based on data from the OIDC token, a proper migration wouldnt be necessary since it could be constructed from the token if an update occurs.
aloof-oxygen-62624
11/15/2022, 3:56 PMIf that is understandable
aloof-oxygen-62624
11/15/2022, 3:57 PMWe're still in the process of deciding if we will end up using Kratos in our application, but keeping records up to date is crucial for us.
In case we do decide to use Kratos, do you do stuff like feature bounties for the issue you linked before?
s
steep-lamp-91158
11/15/2022, 4:16 PM
we did not yet, but we can talk about that
a
aloof-oxygen-62624
11/15/2022, 4:19 PMI'll let you know then 👍
aloof-oxygen-62624
11/16/2022, 11:39 AM@steep-lamp-91158 Looks like there's some activity in regards to updating users now 😄
https://github.com/ory/kratos/issues/2898
14 Views