POST /admin/identities response fields unset

[Matthias64]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [ ] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Describe the bug

Hello,

We are using oryd/kratos:v1.0.0. When we create an identity with credentials, the response contains wrong values for credentials.identifiers, credentials.created_at and credentials.updated_at :

POST to /admin/identities payload

{   
    "credentials": {
        "password": {
            "config": {
                "password": "HelloWorld"
            }
        }
    },
    "traits": {
        "email": "test@gmail.com"
    }
}

POST to /admin/identities partial response

    "id": "0009e8ff-2665-49be-9c8a-351a42d949b8",
    "credentials": {
        "password": {
            "type": "password",
            "identifiers": null,
            "version": 0,
            "created_at": "0001-01-01T00:00:00Z",
            "updated_at": "0001-01-01T00:00:00Z"
        }
    }

When we retrieve the same identity right after, the payload is correct with all the fields set GET to /admin/identities/0009e8ff-2665-49be-9c8a-351a42d949b8 partial response

    "id": "0009e8ff-2665-49be-9c8a-351a42d949b8",
    "credentials": {
        "password": {
            "type": "password",
            "identifiers": [],
            "version": 0,
            "created_at": "2023-09-11T17:47:59.111957Z",
            "updated_at": "2023-09-11T17:47:59.111957Z"
        }
    }

I would expect to get credentials.created_at, credentials.updated_at and credentials.identifiers filled with their actual values on the POST.

Also because of that we face failure using JAR ory-client:1.1.45 when IdentityCredentials.java tries to validate the JSON payload:

java.lang.IllegalArgumentException: Expected the field `identifiers` to be an array in the JSON string but got `null`
    at sh.ory.model.IdentityCredentials.validateJsonObject(IdentityCredentials.java:357)
    at sh.ory.model.IdentityCredentials$CustomTypeAdapterFactory$1.read(IdentityCredentials.java:399)
    at sh.ory.model.IdentityCredentials$CustomTypeAdapterFactory$1.read(IdentityCredentials.java:372)

Thanks

Reproducing the bug

1. Start Kratos
2. Create Identity with credentials using POST /admin/identities

Relevant log output

No response

Relevant configuration

No response

Version

oryd/kratos:v1.0.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes

Additional Context

As a workaroound, in case that can help others, I have replaced the createIdentity by a call too batchPatchIdentities. As the response does not contain credentials it can be parsed probably by ory-client:1.1.45

[aeneasr]

Can you please check this on the latest master branch (you can use make docker) and SDK?

Also can you please include a fully reproducible example (preferably against an Ory Network project and with some CURL commands). Thanks!

[Matthias64]

Hello,

I reproduced it on an Ory Network Project as follows :

1. Create a new Project
2. Set default identity schema to

   {
   "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
   "title": "Person",
   "type": "object",
   "properties": {
   "traits": {
     "type": "object",
     "properties": {
       "email": {
         "type": "string",
         "format": "email",
         "title": "E-Mail",
         "ory.sh/kratos": {
           "credentials": {
             "password": {}
           }
         },
         "maxLength": 320
       }
     },
     "required": [
       "email"
     ],
     "additionalProperties": false
   }
   }
   }

3. Create an API_KEY
4. Runing POST identity CURL command :

   curl -X POST -H "Authorization: Bearer API_KEY" -H 'Content-Type: application/json' -d '{                                                              ─╯
   "credentials": {
       "password": {
           "config": {
               "password": "HelloWorld"
           }
       }
   },
   "traits": {
       "email": "tes21abc@gmail.com"
   }
   }' https://busy-borg-n8ih2ob1dd.projects.oryapis.com/admin/identities | jq

   In the output credentials created_at and updated_at are set to "0001-01-01T00:00:00Z" and identifiers is set to null

   {
   "id": "3b927c1d-bd7e-492e-a574-9b380c0e7041",
   "credentials": {
   "password": {
     "type": "password",
     "identifiers": null,
     "version": 0,
     "created_at": "0001-01-01T00:00:00Z",
     "updated_at": "0001-01-01T00:00:00Z"
   }
   },
   "schema_id": "b20d3e662c35fdeb646de7658ff490347e8b01327ceba95150362c8556323b6ce550b347cee1e585f5efe15669474be5736b8bc6c8f77f36caa821d05b0caaf4",
   "schema_url": "https://busy-borg-n8ih2ob1dd.projects.oryapis.com/schemas/YjIwZDNlNjYyYzM1ZmRlYjY0NmRlNzY1OGZmNDkwMzQ3ZThiMDEzMjdjZWJhOTUxNTAzNjJjODU1NjMyM2I2Y2U1NTBiMzQ3Y2VlMWU1ODVmNWVmZTE1NjY5NDc0YmU1NzM2YjhiYzZjOGY3N2YzNmNhYTgyMWQwNWIwY2FhZjQ",
   "state": "active",
   "state_changed_at": "2023-09-26T07:51:32.320016706Z",
   "traits": {
   "email": "tes21abc@gmail.com"
   },
   "metadata_public": null,
   "created_at": "2023-09-26T07:51:32.323942Z",
   "updated_at": "2023-09-26T07:51:32.323942Z",
   "organization_id": null
   }

   And this causes a validation error on the ory-client JAR

   java.lang.IllegalArgumentException: Expected the field `identifiers` to be an array in the JSON string but got `null`
   at sh.ory.model.IdentityCredentials.validateJsonObject(IdentityCredentials.java:357)
   at sh.ory.model.IdentityCredentials$CustomTypeAdapterFactory$1.read(IdentityCredentials.java:399)
   at sh.ory.model.IdentityCredentials$CustomTypeAdapterFactory$1.read(IdentityCredentials.java:372)

[aeneasr]

Thank you for the reproduction!