Comments (2)
WoodyWoodsta
commented on June 16, 2024
For what it's worth, without #3311, it's basically impossible to link OIDC natively, unless you have just an email address in your identity schema (and want to support Sign in with Apple).
from kratos.
WoodyWoodsta
commented on June 16, 2024
Having experimented with it a bit more, I'd also like to add that since this new registration is always done on OIDC login conflict, there is no way to opt out of the behaviour. For example, the internal registration still calls all of the registration hooks. As a consumer of the API, this seems unexpected, and in some cases, completely unwanted. There is no way to prevent these hooks from being called, which is required if hooks expect information only available in a legitimate registration (as above) or if those hooks perform actions which you only want on legitimate registration.
Intuitively, calling registration hooks on a login endpoint doesn't make sense and I think using an internal registration flow was a mistake for automatic account linking.
from kratos.
Related Issues (20)
- Tokenize fail for valid session HOT 2
- Send Email via HTTP and not SMTP to Sendgrid HOT 2
- More consistent token-based pagination
- SDK `UpdateRegistrationFlow()` returns nil values despite successful call HOT 1
- multiple SSO login using single provider for self-hosted kratos
- How to properly run E2E tests?
- Implementing OAuth Provider Injection for Private or Specific Use Cases HOT 1
- Userinfo when using a generic provider HOT 1
- `/version` endpoint giving 404 error on Public API
- Deduplicate registration nodes
- Outdated OTEL libraries prevent import HOT 2
- ORY-03-001 WP2: Client minimum TLS version not configured
- ORY-03-002 WP2: Potential OOM via unlimited io.readAll calls (Info)
- Show "resend code"-button in registration flow with show_verification_ui hook
- Enhancement: Increase Customizability for Self-Management HOT 1
- Unable to extend session through admin api HOT 2
- New verification flow returned from complete on expired flow is not the same type
- Support for PBKDF2 with Whirlpool Hash Function for User Imports
- Add ID token verification to the generic provider
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kratos.