The OpenID Connect Strategy does already work but needs further documentation and code improvements. It will be documented in an upcoming release of ORY Kratos.
The Social Sign In Strategy enables you to use
- ORY Hydra;
- and every other OpenID Connect Certified Provider
as the Identity Provider.
Because of the nature of this flow (a browser is required) it does not work
Sign In only works when an identity exists for that profile already. If it does not exist, a registration flow will be performed instead.
Sign Up on conflict with existing primary identifiers like email:
- Sign Up is dis-allowed and the user is asked to instead log in and then link his/her account instead.
API-based login and registration using this strategy will be addressed in a future release of ORY Kratos.
Please be aware that OpenID Connect providers always require a Browser, with the exception of "Sign in with Apple" on recent iOS versions.