ory / kratos

Apache License 2.0

Read-only identity traits #2903

Closed. lus closed this 1 year ago

lus commented 1 year ago

Describe your problem

I have a use case where the username of an account may only be chosen once when registering for an account. It should be impossible to change it later on. I want to do this because there are other services in my domain that use Kratos as identity provider. When logging in to these services for the first time, the username chosen in Kratos is used there too and cannot be changed. Basically I want a 100% consistent use of usernames across the whole domain and all its services. If the Kratos username changes, I'd have to change the usernames of this user on all other services too, which is not always possible (Mastodon for example does not allow username changes).

Describe your ideal solution

I think of some additional field inside the ory.sh/kratos extension namespace in the identity schema, maybe something like https://github.com/ory/kratos/issues/47#issuecomment-950391907.

Workarounds or alternatives

There were multiple issues regarding this functionality, including #117 and #47. Those issues were closed because of the new metadata feature. While I get that this may be a good solution for many use cases, I do not see how it could work with requirements like mine. As far as I read the documentation, metadata fields cannot be used as credential identifiers, are not validated and don't show up in the registration flow because they aren't part of the schema.

While I really like the metadata feature and would like to keep it, I don't see it as a replacement for such schema extensions, but rather as an additional feature, simplifying other, different use cases.

Version

latest master branch (https://github.com/ory/kratos/commit/9d640330bd859b6e946dc6f7eb33bb9cdb4a3cc0)

Additional Context

This would be something I'd love to implement in Kratos by the way. I really like the project and the Ory ecosystem and I think this would be a perfect task for me to dig into the codebase to start contributing.

aeneasr commented 1 year ago

You are looking for https://www.ory.sh/docs/kratos/manage-identities/managing-users-identities-metadata

lus commented 1 year ago

But as mentioned, is it possible to use metadata as primary identifiers for the identity?

aeneasr commented 1 year ago

Ah, I see. In that case you would probably use a blocking web hook to prevent the changing of the username as part of the settings flow: https://www.ory.sh/docs/kratos/hooks/configure-hooks#non-blocking-webhooks

lus commented 1 year ago

This is what I have done now, but I still wanted to ask if this is something coming to Kratos natively. If it won't, then I'll open source my web hook that integrates with the identity schema for others to easily achieve this.

aeneasr commented 1 year ago

That would be awesome! It's one of the reasons why we added these blocking web hooks :) Configuring Ory is already hard enough and we would like to avoid further configuration options.

baszalmstra commented 1 year ago

This is what I have done now, but I still wanted to ask if this is something coming to Kratos natively. If it won't, then I'll open source my web hook that integrates with the identity schema for others to easily achieve this.

I have your exact same requirement and would love to use your solution too!

lus commented 1 year ago

This is what I have done now, but I still wanted to ask if this is something coming to Kratos natively. If it won't, then I'll open source my web hook that integrates with the identity schema for others to easily achieve this.

I have your exact same requirement and would love to use your solution too!

Alright, I'll do my best to create an open source project for that as quickly as possible. My current solution is very hardcoded to my use case so it's not something that's usable for anyone else. I'll let you know!

baszalmstra commented 1 year ago

Thanks! I appreciate it!

lus commented 1 year ago

@baszalmstra hello, I just published the first version of kratos-readonly-traits which hopefully fits your needs. Feel free to hit me up if you encounter any issues :)

baszalmstra commented 1 year ago

@lus that's amazing! Thank you! I'll give it a go!

aeneasr commented 1 year ago

Wow that's epic! :)

dhia-gharsallaoui commented 2 months ago

Hello @aeneasr :wave: Is this still the only way to do it, or is there a newer implementation of this feature?

renom commented 2 months ago

// Jsonnet body template for the settings-flow web hook
function(ctx) {
    schema_url: ctx.identity.schema_url,
    old_traits: ctx.flow.identity.traits,  // identity as stored on the flow
    new_traits: ctx.identity.traits        // identity as submitted in this settings flow
}

Is ctx.flow.identity supposed to have "before updates" identity data? I can't find info in the docs that describes such behavior. Isn't it a bug?
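The blocking settings-flow web hook that aeneasr points to above, and the old_traits/new_traits payload that renom's Jsonnet template produces, can be put together as a small hook server. The following is an added example written for this page; it is not code from Kratos, from lus's kratos-readonly-traits project, or from any commenter. It assumes Kratos is configured with a web_hook in the settings flow's after hooks whose body is the Jsonnet template above, with the response not ignored so that a non-2xx reply interrupts the flow, and with an api_key auth entry that sends a shared secret in an X-Hook-Key header (the header name and the secret are placeholders). The rejection body follows the messages/instance_ptr shape Kratos expects from a flow-interrupting web hook; the message id is arbitrary. Because whether ctx.flow.identity really carries the pre-update traits is exactly the open question in renom's comment, the server fails closed: a payload without old_traits is refused instead of being waved through. A trait that was never set may be set once; changing or removing a set value is rejected.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"io"
	"log"
	"net/http"
	"reflect"
)

// Traits that may be chosen once at registration and never changed afterwards.
// Assumption for this example: only "username" is read-only.
var readOnlyTraits = []string{"username"}

// Shared secret Kratos is assumed to send in X-Hook-Key (placeholder value).
const hookAPIKey = "replace-with-a-random-secret"

// Arbitrary id for the rejection message; Kratos only requires an integer.
const msgID = 4000001

// hookPayload is the body this example expects Kratos to POST. The field names
// old_traits/new_traits come from the Jsonnet template in the thread above;
// they are not part of Kratos' built-in payload.
type hookPayload struct {
	OldTraits map[string]any `json:"old_traits"`
	NewTraits map[string]any `json:"new_traits"`
}

// Response shape for a flow-interrupting web hook (sent with a non-2xx status).
type hookMessage struct {
	ID      int            `json:"id"`
	Text    string         `json:"text"`
	Type    string         `json:"type"`
	Context map[string]any `json:"context"`
}
type hookError struct {
	InstancePtr string        `json:"instance_ptr"`
	Messages    []hookMessage `json:"messages"`
}
type hookResponse struct {
	Messages []hookError `json:"messages"`
}

func reject(ptr, text string) hookError {
	return hookError{InstancePtr: ptr, Messages: []hookMessage{{
		ID: msgID, Text: text, Type: "error", Context: map[string]any{},
	}}}
}

// checkReadOnly returns one error per read-only trait whose value changed.
// A trait absent from old may be set once; changing or removing a set value
// is rejected. DeepEqual also covers nested JSON values (objects, arrays).
func checkReadOnly(old, updated map[string]any, readOnly []string) []hookError {
	var errs []hookError
	for _, name := range readOnly {
		oldV, wasSet := old[name]
		if wasSet && !reflect.DeepEqual(oldV, updated[name]) {
			errs = append(errs, reject("#/traits/"+name,
				"the "+name+" trait cannot be changed after registration"))
		}
	}
	return errs
}

// evaluate maps a payload to the HTTP status and body to return. It fails
// closed: without the previous traits the change cannot be checked, so it is
// refused rather than allowed.
func evaluate(p hookPayload) (int, hookResponse) {
	if p.OldTraits == nil {
		return http.StatusBadRequest, hookResponse{Messages: []hookError{
			reject("#/traits", "previous traits missing from hook payload; refusing update"),
		}}
	}
	if errs := checkReadOnly(p.OldTraits, p.NewTraits, readOnlyTraits); len(errs) > 0 {
		return http.StatusBadRequest, hookResponse{Messages: errs}
	}
	return http.StatusOK, hookResponse{}
}

func handler(w http.ResponseWriter, r *http.Request) {
	// Only Kratos may call this endpoint: constant-time check of the shared secret.
	if r.Method != http.MethodPost ||
		subtle.ConstantTimeCompare([]byte(r.Header.Get("X-Hook-Key")), []byte(hookAPIKey)) != 1 {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	var p hookPayload
	if err := json.NewDecoder(io.LimitReader(r.Body, 1<<20)).Decode(&p); err != nil {
		http.Error(w, "malformed payload", http.StatusBadRequest)
		return
	}
	status, resp := evaluate(p)
	if status == http.StatusOK {
		w.WriteHeader(http.StatusOK) // empty 2xx: Kratos continues the settings flow
		return
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	_ = json.NewEncoder(w).Encode(resp)
}

func main() {
	http.HandleFunc("/hooks/readonly-traits", handler)
	log.Fatal(http.ListenAndServe(":8080", nil))
}
```

If it turns out that ctx.flow.identity does not hold the stored traits, the same evaluate function can be fed old traits fetched from the Kratos admin API for ctx.identity.id instead of trusting the hook payload; the fail-closed branch is what keeps a misconfigured template from silently turning the check off.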