Each identity has one or more credentials associated with it:
Ory Identities supports several credential types:
password: The most common identifier (username, email, ...) + password credential.
oidc: The "Log in with Google/Facebook/GitHub/..." credential.
- Other credentials - support other credential types (X509 Certificates, Biometrics, ...) that will be added at a later stage.
Each credential - regardless of its type - has one or more identifiers attached to it. Each identifier is universally unique. Assuming we had one identity with credentials
- [email protected]
and tried to create (or update) another identity with the same identifier (
[email protected]), the system would reject the
request with a 409 Conflict state.
While credentials must be unique per type, there can be duplicates amongst multiple types:
The same would apply if those were two separate identities: