I’ve worked with custom built identity systems before, and one of the eventual pain points is always the migration of user accounts from one identity model to another. This happens, for example, when you support user accounts and later you add the support for business accounts (e.g. email-based vs role-based).
I know that Kratos supports different identity schemas, but I’m unable to figure out if it supports migrating a user from one identity schema to another, or whether I’ll have to plan a system that can manage the migration process (creating a duplicate identity under the new schema, and then re-mapping user data from one identity to the other).
Ideally, I’d be able to treat the Kratos Id as a unique account identifier, and then migrate just the idenitity schema, which would remove the entire state machine of account transitions. In that way, Kratos would be my ‘account’, whether it was user or some other role.
Failing that, I will want to create an account abstraction in my data model, and de-couple the Kratos identity from the account in question.
So… does Kratos support migrating the identity schema? I would make sure that the fields are compatible before migration (e.g. both schemas would have the email and username field, where users have the email as identifier and username as a field, and a ‘company account’ would have the username as identifier and email as a field.)