Cannot patch identity with op: 'test', 'copy', 'move'

[fmiqbal]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [ ] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

As per API docs on https://www.ory.sh/docs/kratos/reference/api#tag/identity/operation/patchIdentity, there is list of jsonpatch available op, stated as

The operation to be performed. One of "add", "remove", "replace", "move", "copy", or "test".

But I can't actually do "move", "copy", or "test",
just borrowing from https://jsonpatch.com/

curl --location --request PATCH 'http://localhost:4434/admin/identities/a04e0bf8-fb7f-463a-a567-be345458df0c' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '[
{ "op": "move", "from": "/biscuits/0", "path": "/best_biscuit" }
]'

response

{
    "error": {
        "code": 400,
        "status": "Bad Request",
        "reason": "An error occured when applying the JSON patch",
        "message": "unsupported operation: move"
    }
}

Looking at the code, the error thrown possibly from this

https://github.com/ory/kratos/blob/4f4394c1d0e2322a687520a31a25fc309f2229f3/identity/handler.go#L869-L877

and I notice that it use ory/x/jsonx, from which I found

https://github.com/ory/x/blob/52f7d778c2eea02e3e5bcf638c590c533127baa8/jsonx/patch.go#L17-L21

So at least for now I think the documentation is wrong

Reproducing the bug

From docker quickstart,

1. create and identity
2. do this curl

curl --location --request PATCH 'http://localhost:4434/admin/identities/a04e0bf8-fb7f-463a-a567-be345458df0c' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '[
{ "op": "move", "from": "/biscuits/0", "path": "/best_biscuit" }
]'

Relevant log output

No response

Relevant configuration

No response

Version

1.2.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker Compose

Additional Context

No response

[renom]

Having the same issue.

[jonas-jonas]

What's the use case for using those operations? Isn't it easier and more stable to fetch the identity and then apply a replace operation?

[renom]

I'm trying to migrate schemas with copy and move ops. I need to rename some fields. Trying to do that with Postman requests. Without copy and move, I'll have to copy and paste values or write a client (migrator tool).

[David-Wobrock]

It seems only add, remove and replace are supported: https://github.com/ory/x/blob/master/jsonx/patch.go#L18-L28

The code references https://github.com/evanphx/json-patch/pull/158 which was resolved. Perhaps there's an opportunity to support these operations now?

---

What's the use case for using those operations? Isn't it easier and more stable to fetch the identity and then apply a replace operation?

I guess (or hope?) that doing a single patch operation is atomic at the Identity level, whereas fetching and then patching the identity requires two HTTP requests to Kratos and is subject to race conditions.