ory / kratos

Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!
https://www.ory.sh/kratos/?utm_source=github&utm_medium=banner&utm_campaign=kratos
Apache License 2.0
11.05k stars 953 forks

Enhancement: Increase Customizability for Self-Management #3742

Open NV4RE opened 7 months ago

NV4RE commented 7 months ago

Preflight checklist

Ory Network Project

No response

Describe your problem

  1. Admin API Session Creation: Currently, I encounter limitations when integrating with external identity providers like LINE LIFF, which do not implement OIDC. I attempt to map the UID provided by the LINE LIFF SDK to a Kratos identity. Although I've tried using passwordless.code, the documentation appears outdated, and I encounter errors when enabling it.

kratos.yml

The configuration contains values or keys which are invalid:
selfservice.methods.code: map[config:map[lifespan:15m0s] enabled:true passwordless_enabled:true]
                          ^-- additionalProperties "passwordless_enabled" not allowed

identity.schema.json

The configuration contains values or keys which are invalid:
properties.traits.properties.email.ory\.sh/kratos.credentials: map[code:map[identifier:true via:email] password:map[identifier:true] totp:map[account_name:true] webauthn:map[identifier:true]]
                                                               ^-- additionalProperties "code" not allowed
time=2024-02-07T07:44:10Z level=error msg=Unable to instantiate configuration. func=github.com/ory/kratos/driver.NewWithoutInit file=/project/driver/factory.go:43 audience=application error=map[message:I[#] S[#/allOf/1] allOf failed
  I[#/properties/traits/properties/email] S[#/allOf/1/properties/properties/properties/traits/properties/properties/patternProperties/.%2A/allOf/0] allOf failed
    I[#/properties/traits/properties/email] S[#/allOf/1/properties/properties/properties/traits/properties/properties/patternProperties/.%2A/allOf/0/$ref] doesn't validate with "ory://identity-extension#"
      I[#/properties/traits/properties/email] S[#/allOf/0] allOf failed
        I[#/properties/traits/properties/email/ory.sh~1kratos/credentials] S[#/allOf/0/properties/ory.sh~1kratos/properties/credentials/additionalProperties] additionalProperties "code" not allowed stack_trace:
github.com/ory/kratos/driver/config.(*Config).validateIdentitySchemas
        /project/driver/config/config.go:450
github.com/ory/kratos/driver/config.New
        /project/driver/config/config.go:368
github.com/ory/kratos/driver.NewWithoutInit
        /project/driver/factory.go:41
github.com/ory/kratos/driver.New
        /project/driver/factory.go:18
github.com/ory/kratos/cmd/serve.NewServeCmd.func1
        /project/cmd/serve/root.go:26
github.com/spf13/cobra.(*Command).execute
        /go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:940
github.com/spf13/cobra.(*Command).ExecuteC
        /go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:1068
github.com/spf13/cobra.(*Command).Execute
        /go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:992
github.com/ory/kratos/cmd.Execute
        /project/cmd/root.go:61
main.main
        /project/main.go:21
runtime.main
        /usr/local/go/src/runtime/proc.go:250
runtime.goexit
        /usr/local/go/src/runtime/asm_arm64.s:1172] service_name=Ory Kratos service_version=v1.0.0
Error: I[#] S[#/allOf/1] allOf failed
  I[#/properties/traits/properties/email] S[#/allOf/1/properties/properties/properties/traits/properties/properties/patternProperties/.%2A/allOf/0] allOf failed
    I[#/properties/traits/properties/email] S[#/allOf/1/properties/properties/properties/traits/properties/properties/patternProperties/.%2A/allOf/0/$ref] doesn't validate with "ory://identity-extension#"
      I[#/properties/traits/properties/email] S[#/allOf/0] allOf failed
        I[#/properties/traits/properties/email/ory.sh~1kratos/credentials] S[#/allOf/0/properties/ory.sh~1kratos/properties/credentials/additionalProperties] additionalProperties "code" not allowed
  2. Session Arbitrary Metadata Fields: It's essential to include fields specific to each session, such as the business unit or role associated with the session. However, managing these through relations in Keto requires significant effort in terms of cleanup for revoked, timed-out, or unused sessions.

  3. Email Template Customization: The current level of customization for email templates is insufficient. For instance, when users register from different platforms like Bitbucket or Jira, I need the email templates to reflect the branding of the respective platform. However, managing this customization for various scenarios becomes cumbersome.

Describe your ideal solution

Workarounds or alternatives

Current workarounds involve manual interventions, such as directly generating and inserting tokens into the database or using external key-value stores for metadata storage. Additionally.

Version

v1.0

Additional Context

No response

NV4RE commented 7 months ago

LINE LIFF (LINE Front-end Framework) is a tool provided by LINE, a messaging platform. It lets developers put their web apps directly inside the LINE app.

Here's how it works:

  1. Integration in LINE App: With LIFF, developers can place their web apps inside the LINE app. This means users can use the web app without leaving LINE.

  2. Authentication with LINE SDK: When users interact with the web app in LINE, LINE's authentication system checks their identity. This system gives the web app the user's LINE ID, a unique identifier.

  3. Getting User Info: The web app gets the user's LINE ID. This ID helps the app recognize each user uniquely.

In short, LINE LIFF lets developers add their web apps to LINE. When users use these apps, LINE shares their ID, so the app can recognize them.

The reason we opt for LINE LIFF instead of directing users to our website is because people here predominantly use the LINE app for all their activities; they rarely use web browsers.
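The comment above describes LIFF handing the web app the user's LINE ID. The security-relevant step that the issue's first point glosses over is that the backend must not trust a UID sent up by the browser: it has to verify the ID token LIFF exposes (liff.getIDToken()) before mapping its sub claim to a Kratos identity. The Go program below is an added example written for this page; it is not code from the ory/kratos project or from the issue author. It assumes LINE Login's default of HS256 ID tokens signed with the channel secret (LINE also offers a server-side verify endpoint if you would rather not hold the secret in your own verifier), pins the algorithm so an alg:none or RS256 header cannot bypass the HMAC check, validates iss, aud, exp and iat, and only then builds a request body for POST /admin/identities. The trait name line_uid, the schema_id "default", the token-minting helper and all token values are constructed for the example and are not part of Kratos or LINE. Issuing a session for that identity without a password or OIDC flow is exactly what the issue asks Kratos to add, so the example stops at the identity record.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// lineIssuer is the issuer LINE Login places in its ID tokens.
const lineIssuer = "https://access.line.me"

// lineClaims are the ID-token claims this example checks.
type lineClaims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
	Iat int64  `json:"iat"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// mintToken builds an HS256 JWS so this example has offline input. It is a
// constructed helper: in production the token comes from liff.getIDToken()
// in the browser and is never minted by the server.
func mintToken(c lineClaims, channelSecret string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	body, _ := json.Marshal(c)
	signingInput := b64(hdr) + "." + b64(body)
	mac := hmac.New(sha256.New, []byte(channelSecret))
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil))
}

// verifyLineIDToken checks algorithm, signature, issuer, audience and
// lifetime and returns the LINE user ID (sub). Only after it succeeds may
// the backend treat sub as the caller's identity.
func verifyLineIDToken(token, channelSecret, channelID string, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	hdrRaw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", errors.New("bad header encoding")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	// Pin the algorithm: the token must never choose how it is verified.
	if err := json.Unmarshal(hdrRaw, &hdr); err != nil || hdr.Alg != "HS256" {
		return "", errors.New("unexpected alg")
	}
	mac := hmac.New(sha256.New, []byte(channelSecret))
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || subtle.ConstantTimeCompare(sig, mac.Sum(nil)) != 1 {
		return "", errors.New("bad signature")
	}
	body, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", errors.New("bad payload encoding")
	}
	var c lineClaims
	if err := json.Unmarshal(body, &c); err != nil {
		return "", errors.New("bad payload")
	}
	switch {
	case c.Iss != lineIssuer:
		return "", errors.New("wrong issuer")
	case c.Aud != channelID: // aud is your LINE channel ID
		return "", errors.New("wrong audience")
	case c.Sub == "":
		return "", errors.New("missing sub")
	case !now.Before(time.Unix(c.Exp, 0)):
		return "", errors.New("token expired")
	case time.Unix(c.Iat, 0).After(now.Add(time.Minute)): // small clock skew allowed
		return "", errors.New("token issued in the future")
	}
	return c.Sub, nil
}

// kratosIdentityBody builds the JSON for POST /admin/identities that records
// the verified LINE user ID. The trait name line_uid and the schema_id are
// assumptions of this example and must match your own identity schema.
func kratosIdentityBody(lineUID string) ([]byte, error) {
	return json.Marshal(map[string]any{
		"schema_id": "default",
		"traits":    map[string]any{"line_uid": lineUID},
	})
}

func main() {
	now := time.Now()
	secret, channelID := "constructed-channel-secret", "1234567890" // constructed values
	tok := mintToken(lineClaims{Iss: lineIssuer, Sub: "Ud3adbeef", Aud: channelID,
		Exp: now.Add(time.Hour).Unix(), Iat: now.Unix()}, secret)
	sub, err := verifyLineIDToken(tok, secret, channelID, now)
	fmt.Println("verified sub:", sub, "err:", err)
	// The same token presented to a different channel is rejected.
	_, err = verifyLineIDToken(tok, secret, "0000000000", now)
	fmt.Println("wrong channel:", err)
	body, _ := kratosIdentityBody(sub)
	fmt.Println(string(body))
}
```

Run it with go run and you get the verified sub, a rejection for the wrong channel ID, and the identity-import body. Before the first POST you would look the sub up (for instance by listing identities filtered on the trait) so repeated LIFF logins do not create duplicate identities; that lookup and the session issuance are left out because they depend on the Kratos version and on the feature this issue requests.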