When we define traits or metadata public, these are also visible un the UI (Eg: registration page / Login page), is there any way to hide these attributes , but still have a ability to set these values while submitting the form ?

You can use

metadata_admin

for this https://www.ory.sh/docs/kratos/manage-identities/managing-users-identities-metadata and a modifying webhook to set it https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks#update-identity-metadata

Even after adding under metadata_admin, i see these attributes are coming in signup form. Is tehre any additional properties to be set to hide these attributes from the registration form?

Hello @important-area-42405 Can you share your identity schema maybe? metadata_admin/public should not be visible on the sign up page.

@magnificent-energy-493 cc: @important-area-42405

{
  "$id": "<http://prodigyfinance.com/schemas/student.schema.json>",
  "title": "student",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "title": "E-Mail",
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "credentials": {
              "password": {
                "identifier": true
              },
              "webauthn": {
                "identifier": true
              },
              "totp": {
                "account_name": true
              }
            },
            "recovery": {
              "via": "email"
            },
            "verification": {
              "via": "email"
            }
          },
          "maxLength": 320
        },
        "phone": {
          "title": "Phone",
          "type": "string",
          "format": "tel",
          "<http://ory.sh/kratos|ory.sh/kratos>": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        },
        "preferred_name": {
          "title": "Preferred Name",
          "type": "string"
        }
      },
      "required": [
        "email",
        "phone",
        "preferred_name"
      ],
      "additionalProperties": false
    },
    "metadata_admin": {
      "type": "object",
      "properties": {
        "guid": {
          "title": "Guid",
          "type": "string"
        },
        "identity_type": {
          "title": "Identity Type",
          "type": "string"
        },
        "identity_issuer": {
          "title": "Identity Issuer",
          "type": "string"
        },
        "referred_by": {
          "title": "Referred By",
          "type": "string"
        }
      }
    }
  }
}

metadata_admin

should not be part of the schema

You can remove

"type": "object",
      "properties": {
        },

from the admin_metadata and it wont be rendered as fields in the managed UI

As far as I understand, adding it to the schema doesn’t have any effect, so there is no need to add it

@magnificent-energy-493 The registration form post with this payload ignored the metadata_public { "csrf_token": "xxxx", "traits.preferred_name": "LNR", "password": "xxxxx!", "traits.email": "xx.yy@gmail.com", "traits.phone": "+91xxxxxxx", "customer_policy_accepted": true, "customer_marketing_opt_in": true, "metadata_public.identity_type": "student", "metadata_public.identity_issuer": "auth2", "method": "password" }

“Metadata are the attributes defined by the system admin that can’t be updated or modified by the identity owner.” https://www.ory.sh/docs/kratos/manage-identities/managing-users-identities-metadata

okie got it

no it doesn’t get called see also the relevant documentation: https://www.ory.sh/docs/kratos/hooks/configure-hooks#action-triggers

@gentle-thailand-50068 any reason why we dont want to send webhook events for unsuccessful logins? This is important from auditing and metrics point of view