OpenID Connect is undergoing active refactoring and these docs will change. See #381.
The Social Sign In Strategy enables you to use
as the Identity Provider.
Because of the nature of this flow (a browser is required) it does not work API-only flows.
Sign In only works when an identity exists for that profile already. If it does not exist, a registration flow will be performed instead.
Sign Up on conflict with existing primary identifiers like email:
- Sign Up is dis-allowed and the user is asked to instead log in and then link his/her account instead.
A user may link and unlink social profiles. Unlinking is only allowed if at least one other sign in method is enabled.
API-based login and registration using this strategy will be addressed in a future release of ORY Kratos.
Please be aware that OpenID Connect providers always require a Browser, with the exception of "Sign in with Apple" on recent iOS versions.