ory / network


Unable to select custom Identity Schema #54

Closed roboptics closed 2 years ago

roboptics commented 2 years ago

Preflight checklist

Describe the bug

Since early last week we are unable to select any of our custom identity schemas. The following error is shown in the Ory Console:

An error occurred: Error: Request failed with status code 400

Some of these schemas are several months old and were working before. Please advise.

Reproducing the bug

  1. Go to the Ory Cloud Console
  2. Select Identity Schema on the left menu
  3. Pick one of the custom identity schemas
  4. Click update (and a notification with the described error appears)

Relevant log output

No response

Relevant configuration

No response

Version

Web Ory Cloud Console

On which operating system are you observing this issue?

Ory Cloud

In which environment are you deploying?

No response

Additional Context

No response

aeneasr commented 2 years ago

Do you by any chance have multiple users on your project? If so, are you the primary user?

roboptics commented 2 years ago

Almost sure I am the only user. How can I check?

aeneasr commented 2 years ago

Ok, thanks, if you have a project on the start up plan you can go to "settings" and it should show all invited users.

Can you maybe show a screenshot of the error and also what the 400 response says in its body? Make sure to redact any sensitive headers like Cookie, Set-Cookie, and Authorization! :)
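
The redaction requested above, as an added example that is not part of the original thread or of Ory's code: a Python helper that masks `Cookie`, `Set-Cookie` and `Authorization` values in a browser HAR export before it is pasted into a public issue. The HAR 1.2 layout is assumed, and `SAMPLE_HAR` with all its secret values is constructed for illustration.

```python
import copy

# Header names called out in the comment above; HTTP header names are case-insensitive.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization"}
REDACTED = "[REDACTED]"

# Constructed sample in HAR 1.2 layout; all secret values are made up.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {
        "method": "PUT",
        "url": "https://api.console.ory.sh/backoffice/public/projects/",
        "headers": [
            {"name": "content-type", "value": "application/json"},
            {"name": "Cookie", "value": "session=constructed-session-value"},
            {"name": "Authorization", "value": "Bearer constructed-token"},
        ],
        "cookies": [{"name": "session", "value": "constructed-session-value"}],
    },
    "response": {
        "status": 400,
        "headers": [
            {"name": "content-type", "value": "application/json"},
            {"name": "set-cookie", "value": "csrf=constructed-csrf-value; Path=/"},
        ],
        "cookies": [{"name": "csrf", "value": "constructed-csrf-value"}],
    },
}]}}


def redact_message(msg):
    """Mask sensitive header values and parsed cookies of one HAR request/response."""
    for header in msg.get("headers", []):
        if header.get("name", "").lower() in SENSITIVE_HEADERS:
            header["value"] = REDACTED
    # HAR keeps a parsed copy of the cookies next to the raw headers.
    for cookie in msg.get("cookies", []):
        cookie["value"] = REDACTED


def redact_har(har):
    """Return a redacted deep copy of a HAR document; the input is left untouched."""
    clean = copy.deepcopy(har)
    for entry in clean.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            redact_message(entry.get(side, {}))
    return clean


if __name__ == "__main__":
    import json
    print(json.dumps(redact_har(SAMPLE_HAR), indent=2))
```

Request and response bodies are not touched by this helper, so a payload that carries secrets still needs a separate review before sharing.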

roboptics commented 2 years ago

Hi,

I confirm I am the only user. We're on the developer plan, so I don't think it is even possible to invite other users.

Below find the full request / response for the 400 error:

Request

Request URL: https://api.console.ory.sh/backoffice/public/projects/
Request Method: PUT
Status Code: 400
Remote Address:
Referrer Policy: strict-origin-when-cross-or

Response

access-control-allow-credentials: true
access-control-allow-origin: https://console.ory.sh
access-control-expose-headers: Content-Type, Set-Type, Link, X-Total-Count
cf-cache-status: DYNAMIC
cf-ray: 6de6b0bb686a385d-MAD
content-length: 274
content-security-policy-report-only: default-src 'self'; worker-src 'self' blob:;script-src 'self' 'unsafe-inline' https://cdn.iubenda.com https://www.iubenda.com https://www.googletagmanager.com https://ory.sh https://www.ory.sh https://js.stripe.com https://sqa-web.ory.sh https://cdn.jsdelivr.net;connect-src 'self' https://project.console.ory.sh https://*.projects.oryapis.com https://console.ory.sh wss://project.console.ory.sh wss://.projects.oryapis.com wss://console.ory.sh https://hits-i.iubenda.com https://.ingest.sentry.io https://sqa-web.ory.sh; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;base-uri 'self'; form-action 'self' https://project.console.ory.sh https://*.projects.oryapis.com https://console.ory.sh https://github.com; frame-src 'self' https://js.stripe.com;font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net;manifest-src 'self'; frame-ancestors 'none'; img-src 'self' data: https://q.stripe.com https://js.stripe.com
content-type: application/json
date: Wed, 16 Feb 2022 12:13:31 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 177
x-frame-options: DENY

:authority: api.console.ory.sh
:method: PUT
:path: /backoffice/public/projects/
:scheme: https
accept: application/json, text/plain, /
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
content-length: 4511
content-type: application/json
cookie:
origin: https://console.ory.sh
referer: https://console.ory.sh/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36

Payload

{id: "", name: "",…}
created_at: "2022-01-31T21:03:30.111662Z"
id: ""
kratos_cookies_same_site: "Lax"
kratos_courier_smtp_connection_uri: ""
kratos_courier_smtp_from_address: ""
kratos_courier_smtp_from_name: ""
kratos_courier_smtp_headers: null
kratos_identity_schemas: [{identity_schema_id: "", is_default: true}]
kratos_secrets_cipher: null
kratos_secrets_cookie: null
kratos_secrets_default: null
kratos_selfservice_allowed_return_urls: []
kratos_selfservice_default_browser_return_url: "/ui/welcome"
kratos_selfservice_flows_error_ui_url: ""
kratos_selfservice_flows_hooks: [{id: "",…}]
kratos_selfservice_flows_login_after_default_browser_return_url: ""
kratos_selfservice_flows_login_after_oidc_default_browser_return_url: ""
kratos_selfservice_flows_login_after_password_default_browser_return_url: ""
kratos_selfservice_flows_login_lifespan: "0s"
kratos_selfservice_flows_login_ui_url: ""
kratos_selfservice_flows_logout_after_default_browser_return_url: ""
kratos_selfservice_flows_recovery_after_default_browser_return_url: ""
kratos_selfservice_flows_recovery_enabled: true
kratos_selfservice_flows_recovery_lifespan: "0s"
kratos_selfservice_flows_recovery_ui_url: ""
kratos_selfservice_flows_registration_after_default_browser_return_url: ""
kratos_selfservice_flows_registration_after_oidc_default_browser_return_url: ""
kratos_selfservice_flows_registration_after_password_default_browser_return_url: ""
kratos_selfservice_flows_registration_lifespan: "0s"
kratos_selfservice_flows_registration_ui_url: ""
kratos_selfservice_flows_settings_after_default_browser_return_url: ""
kratos_selfservice_flows_settings_after_password_default_browser_return_url: ""
kratos_selfservice_flows_settings_after_profile_default_browser_return_url: ""
kratos_selfservice_flows_settings_lifespan: "0s"
kratos_selfservice_flows_settings_privileged_session_max_age: "15m0s"
kratos_selfservice_flows_settings_required_aal: "highest_available"
kratos_selfservice_flows_settings_ui_url: ""
kratos_selfservice_flows_verification_after_default_browser_return_url: ""
kratos_selfservice_flows_verification_enabled: true
kratos_selfservice_flows_verification_lifespan: "0s"
kratos_selfservice_flows_verification_ui_url: ""
kratos_selfservice_methods_link_config_base_url: ""
kratos_selfservice_methods_link_config_lifespan: "0s"
kratos_selfservice_methods_link_enabled: true
kratos_selfservice_methods_lookup_secret_enabled: true
kratos_selfservice_methods_oidc_config_providers: []
kratos_selfservice_methods_oidc_enabled: false
kratos_selfservice_methods_password_config_haveibeenpwned_enabled: null
kratos_selfservice_methods_password_config_ignore_network_errors: null
kratos_selfservice_methods_password_config_max_breaches: 0
kratos_selfservice_methods_password_enabled: true
kratos_selfservice_methods_profile_enabled: null
kratos_selfservice_methods_totp_config_issuer: ""
kratos_selfservice_methods_totp_enabled: true
kratos_selfservice_methods_webauthn_config_rp_display_name: ""
kratos_selfservice_methods_webauthn_config_rp_icon: ""
kratos_selfservice_methods_webauthn_config_rp_id: ""
kratos_selfservice_methods_webauthn_config_rp_origin: ""
kratos_selfservice_methods_webauthn_enabled: false
kratos_session_cookie_persistent: null
kratos_session_cookie_same_site: "Lax"
kratos_session_lifespan: "0s"
kratos_session_whoami_required_aal: "highest_available"
name: ""
project_id: ""
updated_at: "2022-02-16T12:07:43.522678Z"

Preview

{error: {code: 400, status: "Bad Request", request: "41502d50-cf20-43e6-bd0e-e51a159e8c07",…}}
error: {code: 400, status: "Bad Request", request: "41502d50-cf20-43e6-bd0e-e51a159e8c07",…}
  code: 400
  message: "The request was malformed or contained invalid parameters"
  reason: "The given identity schema has not set a preset or custom identity schema or is otherwise invalid."
  request: "41502d50-cf20-43e6-bd0e-e51a159e8c07"
  status: "Bad Request"


On a side note, can we delete an existing identity schema? If so, how?

Thank you for your help.

aeneasr commented 2 years ago

Thank you for the report, I was able to reproduce this. The issue is that there is currently a bug in the UI logic where it is not possible to set an existing identity schema in the UI. As a workaround you can create a copy of the schema (so just click "customize identity schema", enter a name, click enter) to save the same schema as a new version, and then use that. That works for me at least!

roboptics commented 2 years ago

I confirm that it works (I had already tried it), but if you try to go back and select it again it no longer works. We will keep creating a new identity schema when we want to switch as a workaround and wait for a fix.

This brings me to the question (at the bottom) in my last email. Can we delete identity schemas? If so, how?

Best,

aeneasr commented 2 years ago

Ok, currently it is not possible to delete them, but we could provide an option to forget the schema so it doesn't show up in the UI any more. We will also resolve this issue in the UI but a fix won't be available before next week as we also need to create a testing story around this!

aeneasr commented 2 years ago

We are still experiencing issues with the custom identity schemas. The data is all safe but it looks as if we have some regressions in the UI. We've got someone working on this though, sorry for the inconvenience