ory / kratos

Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!

Home Page: https://www.ory.sh/kratos/?utm_source=github&utm_medium=banner&utm_campaign=kratos


Metadata and traits not updated on linking with another Google account via OIDC

HoangViet144 opened this issue

Preflight checklist

Ory Network Project

No response

Describe the bug

When linking with another Google account, the traits and metadata are not updated with information from the new Google account.

My Kratos supports both password and OIDC.
I register an account using OIDC with email A.
Then I set a password for my account.
After that, I unlink and link with another email B. But the traits and metadata are not updated with information from email B. In the settings hook, I don't have any info from the newly linked account to update manually using the hook.

"identity.default.schema.json": |
  {
    "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
    "$schema": "http://json-schema.org/draft-07/schema#",
    "title": "Person",
    "type": "object",
    "properties": {
      "traits": {
        "type": "object",
        "properties": {
          "first_name": {
            "type": "string",
            "title": "First name",
            "maxLength": 256
          },
          "last_name": {
            "type": "string",
            "title": "Last name",
            "maxLength": 256
          },
          "email": {
            "type": "string",
            "format": "email",
            "title": "E-Mail",
            "maxLength": 256,
            "ory.sh/kratos": {
              "credentials": {
                "password": {
                  "identifier": true
                },
                "webauthn": {
                  "identifier": true
                },
                "totp": {
                  "account_name": true
                },
                "code": {
                  "identifier": true,
                  "via": "email"
                }
              },
              "recovery": {
                "via": "email"
              },
              "verification": {
                "via": "email"
              }
            }
          }
        },
        "required": [
          "first_name",
          "last_name",
          "email"
        ],
        "additionalProperties": false
      },
      "metadata_public": {
        "type": "object",
        "properties": {
          "email": {
            "type": "string"
          }
        }
      }
    }
  }
"oidc.google.jsonnet": |
  local claims = {
    email_verified: false,
  } + std.extVar('claims');

  {
    identity: {
      traits: {
        first_name: claims.given_name,
        last_name: claims.family_name,
        [if 'email' in claims && claims.email_verified then 'email' else null]: claims.email,
      },
      "metadata_public": {
        [if 'email' in claims && claims.email_verified then 'email' else null]: claims.email,
      }
    }
  }

Reproducing the bug

My Kratos supports both password and OIDC.
I register an account using OIDC with email A.
Then I set a password for my account.
After that, I unlink and link with another email B. But the traits and metadata are not updated with information from email B. In the settings hook, I don't have any info from the newly linked account to update manually using the hook.

Relevant log output

No response

Relevant configuration

No response

Version

v1.1.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

No response

Maybe related to: #2898