Manage identity metadata
In Ory, identities have traits and metadata:
- Traits: These are the attributes of an identity, which the identity / user can update on their own (e.g. a user's name, email, etc).
- Metadata: Attributes of your choosing that can not be modified by the identity / user on their own, only by using the
/admin/identities
APIs. These fields can be used to store, for example, the user's roles, subscription status, etc.
Metadata can both be public and administrative:
- Public: Attributes which can only be modified using the
/admin/identities
APIs. They are visible to the user when callingtoSession()
or/sessions/whoami
. - Admin: Attributes which can only be modified and read using the
/admin/identities
APIs. They are never directly exposed to the identity / user themselves.
note
Metadata is not validated using the identity's JSON Schema. You are responsible to ensure that the metadata you are storing is valid according to your schema, as well as upgrading the schema.
To manage metadata, use the following APIs:
Example identity
{
"metadata_public": {
"subscription": "free",
"roles": ["user"]
},
"metadata_admin": {
"notes_about_user": "Some internal notes about the user",
"some": {
"nested": "object"
}
},
"recovery_addresses": [
{
// ...
}
],
"traits": {
"name": "John Doe"
// ...
},
"schema_id": "string",
"state": "active"
// ...
}