Labels: bug (Something is not working.)
Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
Ory Kratos Self hosted v1.3.1
Describe the bug
Hello,
I am having an issue when trying to use `settings` flow to link an identity registered using Password method with its Google account.
Google OIDC and password registration/login are working perfectly fine but when I have signed up with password and create a settings flow, I have no option to link to OIDC, there is no node with type `oidc`.
What I have tried :
- Checked the logs, there is no error.
- Checked that this identity was not already linked to Google
- Tested with different versions of Ory Kratos `v.1.1.0`, `v1.3.0` & `v1.3.1`.
- Enabled verification flow, verify my account email (both with Google & Email sign up)
- Enabled the flag `enable_legacy_one_step`
It did not give any result. I also tried @kapa.ai chatbot in Ory Slack but it did not propose any additional solution.
Reproducing the bug
- Create a registration flow `GET /self-service/registration/api`
- Submit registration flow `POST /self-service/registration?flow=d41fafbd-d0ee-4be7-8e14-800070c03e14` with payload
  ```json
  {
    "traits.email": "[email protected]",
    "password": "MySuperPass*",
    "method": "password"
  }
  ```
- Create a settings flow `GET /self-service/settings/api` using header `X-Session-Token`
- There is no node of type `oidc`, e.g.
```json
{
  "id": "28b3fbcf-4367-445f-99fa-181d368d5012",
  "type": "api",
  "expires_at": "2024-10-31T17:05:26.035126414Z",
  "issued_at": "2024-10-31T16:05:26.035126414Z",
  "request_url": "http://127.0.0.1:4433/self-service/settings/api",
  "ui": {
    "action": "http://matthias.local/kratos/self-service/settings?flow=28b3fbcf-4367-445f-99fa-181d368d5012",
    "method": "POST",
    "nodes": [
      {
        "type": "input",
        "group": "default",
        "attributes": {
          "name": "csrf_token",
          "type": "hidden",
          "value": "",
          "required": true,
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {}
      },
      {
        "type": "input",
        "group": "profile",
        "attributes": {
          "name": "traits.email",
          "type": "email",
          "value": "[email protected]",
          "required": true,
          "autocomplete": "email",
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070002,
            "text": "E-Mail",
            "type": "info",
            "context": {
              "title": "E-Mail"
            }
          }
        }
      },
      {
        "type": "input",
        "group": "profile",
        "attributes": {
          "name": "method",
          "type": "submit",
          "value": "profile",
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070003,
            "text": "Save",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "password",
          "type": "password",
          "required": true,
          "autocomplete": "new-password",
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070001,
            "text": "Password",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "method",
          "type": "submit",
          "value": "password",
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070003,
            "text": "Save",
            "type": "info"
          }
        }
      }
    ]
  },
  "identity": {
    "id": "9440d5ac-d8e0-45f0-97af-8e40d1305a6c",
    "schema_id": "default",
    "schema_url": "http://matthias.local/kratos/schemas/ZGVmYXVsdA",
    "state": "active",
    "state_changed_at": "2024-10-31T16:05:19.03194Z",
    "traits": {
      "email": "[email protected]"
    },
    "verifiable_addresses": [
      {
        "id": "fa15a1f9-96f2-4118-ab84-21f0cae40ba8",
        "value": "[email protected]",
        "verified": false,
        "via": "email",
        "status": "pending",
        "created_at": "2024-10-31T16:05:19.033233Z",
        "updated_at": "2024-10-31T16:05:19.033233Z"
      }
    ],
    "recovery_addresses": [
      {
        "id": "d404d32a-8269-4367-8e97-8df383d9cdba",
        "value": "[email protected]",
        "via": "email",
        "created_at": "2024-10-31T16:05:19.033807Z",
        "updated_at": "2024-10-31T16:05:19.033807Z"
      }
    ],
    "metadata_public": null,
    "created_at": "2024-10-31T16:05:19.032667Z",
    "updated_at": "2024-10-31T16:05:19.032667Z",
    "organization_id": null
  },
  "state": "show_form"
}
```
Relevant log output
No response
Relevant configuration
```yaml
version: v1.3.1
serve:
  public:
    base_url: http://matthias.local/kratos
    cors:
      enabled: true
  admin:
    base_url: http://matthias.local/kratos-admin
selfservice:
  default_browser_return_url: matthias://kratos_social_sign_in_return_url
  methods:
    password:
      enabled: true
    oidc:
      enabled: true
      config:
        providers:
          - id: google
            provider: google
            client_id: "XXXX.apps.googleusercontent.com"
            client_secret: "XXXX"
            mapper_url: file:///home/ory/schemas/oidc/google.jsonnet
            scope:
              - email
              - profile
            requested_claims:
              id_token:
                email:
                  essential: true
                email_verified:
                  essential: true
                given_name:
                  essential: true
                family_name: null
                hd: null
  flows:
    settings:
      privileged_session_max_age: 24h
    registration:
      lifespan: 10m
      after:
        password:
          hooks:
            - hook: session
identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///home/ory/identity.schema.json
```
Version
Ory Kratos Self hosted v1.3.1
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes
Additional Context
Google Jsonnet config :
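```jsonnet
// Kratos passes the provider's claims to the mapper as an external variable.
local claims = std.extVar('claims');

{
  identity: {
    traits: {
      email: claims.email,
    },
  },
}
```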
Identity schema :
```json
{
  "$id": "schemaV0.0.1",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "title": "E-Mail",
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            },
            "recovery": {
              "via": "email"
            },
            "verification": {
              "via": "email"
            }
          },
          "maxLength": 320
        }
      },
      "required": [
        "email"
      ]
    }
  }
}
```
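
The check from the reproduction steps above, as an added example that is not part of the original issue or of Ory Kratos: it groups a settings flow's `ui.nodes` by `group` and lists the enabled methods that contributed no node. The sample flow is constructed (trimmed from the response shown above), the function names are hypothetical, and matching a method to a node `group` of the same name is an assumption based on the `password` and `profile` groups in that response.

```python
import json
from collections import defaultdict

# Constructed sample: a trimmed settings flow shaped like the response on this page.
SAMPLE_FLOW = json.loads("""
{"type": "api", "state": "show_form", "ui": {"nodes": [
  {"group": "default",  "attributes": {"name": "csrf_token", "type": "hidden"}},
  {"group": "profile",  "attributes": {"name": "traits.email", "type": "email"}},
  {"group": "profile",  "attributes": {"name": "method", "type": "submit", "value": "profile"}},
  {"group": "password", "attributes": {"name": "password", "type": "password"}},
  {"group": "password", "attributes": {"name": "method", "type": "submit", "value": "password"}}
]}}
""")


def nodes_by_group(flow):
    """Map each ui.nodes group to the attribute names (and submit values) it carries."""
    groups = defaultdict(list)
    for node in flow.get("ui", {}).get("nodes", []):
        attrs = node.get("attributes", {})
        label = attrs.get("name", "?")
        if attrs.get("type") == "submit":
            label += "=" + str(attrs.get("value"))
        groups[node.get("group", "?")].append(label)
    return dict(groups)


def missing_methods(flow, enabled_methods):
    """Return the enabled methods that contributed no node to this flow (assumed group == method)."""
    present = set(nodes_by_group(flow))
    return sorted(m for m in enabled_methods if m not in present)


def report(flow, enabled_methods):
    """Build a short text summary of the flow that can be pasted into a bug report."""
    lines = [f"flow type={flow.get('type')} state={flow.get('state')}"]
    for group, names in nodes_by_group(flow).items():
        lines.append(f"  {group}: {', '.join(names)}")
    for method in missing_methods(flow, enabled_methods):
        lines.append(f"  MISSING: no node in group '{method}'")
    return "\n".join(lines)


if __name__ == "__main__":
    # Methods enabled under selfservice.methods in the configuration on this page.
    print(report(SAMPLE_FLOW, ["password", "oidc"]))
```

To run it against a live instance, replace `SAMPLE_FLOW` with the parsed body of the `GET /self-service/settings/api` response.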