Each identity has one or more credentials associated with it:
ORY Kratos supports several credential types:
password: The most common identifier (username, email, ...) + password credential.
oidc: The "Log in with Google/Facebook/GitHub/..." credential.
- Other credentials - support other credential types (X509 Certificates, Biometrics, ...) at will be added a later stage.
Each credential - regardless of its type - has one or more identifiers attached to it. Each identifier is universally unique. Assuming we had one identity with credentials
and tried to create (or update) another identity with the same identifier
email@example.com), the system would reject the request with a 409 Conflict
While credentials must be unique per type, there can be duplicates amongst multiple types:
The same would apply if those were two separate identities: