ory
Refresh identity traits on social / SSO login
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [X] This issue affects my Ory Network project.
- [ ] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe your problem
Currently, social sign in only executes the JsonNet during registration. However, multiple questions have come up in several issues how this can be solved for linking sign ins, or when the user sign ins again - to keep the data fresh.
Example of such a discussion: https://github.com/ory/network/issues/164#issuecomment-1285989251 (there are more!)
Describe your ideal solution
The jsonnet should be executed on sign in and on linking social sign in as well. It will have to respect the existing user data as well (so it needs to be available in the context).
Workarounds or alternatives
There are no workarounds for this.
Version
master
Additional Context
No response
Already posted this in one of the other issues, but I'm wondering what would happen to the user data if the Jsonnet code and schema are changed between logins. Would the user be effectively recreated with the most recent schema and Jsonnet, or would some old version be run?
We would add the current identity data to the jsonnet context, and then it's your decision
We've added the ability to update identities from webhooks, see here: https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks#update-identity-traits
Would that solve the problem for you?
We've added the ability to update identities from webhooks, see here: https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks#update-identity-traits
Would that solve the problem for you?
No, as I need the update to happen during sign-in and the docs state the following:
Modifying the identity is currently only possible during the registration and settings flows.
In my case an external social login is the source of truth for identity data. I want the Jsonnet logic that constructs the identity from the JWT to run on every sign-in, potentially updating out-of-sync values.
I see, makes sense, thanks. I'll add it to the backlog, but a PR would accelerate it :)
Hello contributors!
I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue
- open a PR referencing and resolving the issue;
- leave a comment on it and discuss ideas on how you could contribute towards resolving it;
- leave a comment and describe in detail why this issue is critical for your use case;
- open a new issue with updated details and a plan for resolving the issue.
Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.
Unfortunately, burnout has become a topic of concern amongst open-source projects.
It can lead to severe personal and health issues as well as opening catastrophic attack vectors.
The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.
If this issue was marked as stale erroneously you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.
Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
Thank you 🙏✌️
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@kmherrmann we ran into this too.
We updated our claims and now existing users seem to now be broken. Having a way to resync the traits on sign-in would be a graceful way to fix this.
This isn’t on the roadmap right now due to lack of commercial demand (hence we can’t prioritize it) but it’s certainly a good and welcomed feature. We‘ll let you know if something changes!
Hello contributors!
I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue
- open a PR referencing and resolving the issue;
- leave a comment on it and discuss ideas on how you could contribute towards resolving it;
- leave a comment and describe in detail why this issue is critical for your use case;
- open a new issue with updated details and a plan for resolving the issue.
Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.
Unfortunately, burnout has become a topic of concern amongst open-source projects.
It can lead to severe personal and health issues as well as opening catastrophic attack vectors.
The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.
If this issue was marked as stale erroneously you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.
Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
Thank you 🙏✌️
This feature is still a important open topic for us. https://github.com/ory/kratos/issues/4084
