Skip to main content

Manage Identity Metadata

In Ory, identities have traits and metadata:

  • Traits: These are the attributes of an identity, which the identity / user can update on their own (e.g. a user's name, email, etc).
  • Metadata: Attributes of your choosing that can not be modified by the identity / user on their own, only by using the /admin/identities APIs. These fields can be used to store, for example, the user's roles, subscription status, etc.

Metadata can both be public and administrative:

  • Public: Attributes which can only be modified using the /admin/identities APIs. They are visible to the user when calling toSession() or /sessions/whoami.
  • Admin: Attributes which can only be modified and read using the /admin/identities APIs. They are never directly exposed to the identity / user themselves.
note

Metadata is not validated using the identity's JSON Schema. You are responsible to ensure that the metadata you are storing is valid according to your schema, as well as upgrading the schema.

To manage metadata, use the following APIs:

Example Identity

{
"metadata_public": {
"subscription": "free",
"roles": ["user"]
},
"metadata_admin": {
"notes_about_user": "Some internal notes about the user",
"some": {
"nested": "object"
}
},
"recovery_addresses": [
{
// ...
}
],
"traits": {
"name": "John Doe"
// ...
},
"schema_id": "string",
"state": "active"
// ...
}