Skip to main content

Update an Identity

PUT 

/admin/identities/:id

This endpoint updates an identity. The full identity payload (except credentials) is expected.

It is possible to update the identity's credentials as well. Using this operation, credentials will not be overwritten but instead added to the list. For example, if a user has a social sign in connection set up, updating the credentials will keep the social sign in connection and add the new credentials to the list. This prevents accidentally overwriting credentials and locking out users. A complete view of all credential types is here:

password: The existing password credential will be completely replaced with the new configuration. You can provide either a hashed password, a plaintext password (which will be hashed), or enable the password migration hook. oidc, saml: The existing OIDC and SAML credentials will be kept and the new credentials will be added to the list. totp: The existing TOTP credentials will be replaced with the new configuration. lookup_secret: The existing Lookup Secret codes will be kept and the new codes will be added to the list. webauthn, passkey: The existing credentials are preserved, new credentials are added, and credentials with matching IDs are updated with new values. If a new user_handle is provided, it's added to the identity's identifiers list while preserving previous user handles. code: To import code credentials, configure your identity schema to use one of the identity traits as an identifier source ({"ory.sh/kratos":{"code":{"identifier":true", "via":"email"}}}).

Request

Responses

identity