trying to refamiliarize myself with ory after so l...
# talk-kratosc
colossal-engine-74704
04/20/2023, 5:11 PMtrying to refamiliarize myself with ory after so long.. if I have 1 app that is the public/'login app' , and I have other first party app that will use that login information.. Is this something I can handle with Kratos, or do I need to involve hydra
n
numerous-umbrella-61726
04/20/2023, 5:16 PMas long as you have them under a shared domain (even if under different subdomains, e.g. login.example.com and app.example.com), kratos should be enough, and is likely the preferred approach for first party services. bringing in oauth or oidc is probably not what you want - there is a good blog post here - https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/
c
colossal-engine-74704
04/20/2023, 5:20 PMI guess you just hit the kratos api to get identity information, assuming shared domain?
colossal-engine-74704
04/20/2023, 5:21 PMand what's the solution if there are different domains?
n
numerous-umbrella-61726
04/20/2023, 5:23 PMhttps://www.ory.sh/docs/kratos/reference/api#tag/frontend/operation/toSession - for retrieving user info of the current session
numerous-umbrella-61726
04/20/2023, 5:24 PMif users are logging in through a browser, i don't think there is a solution across different domains, since kratos will set cookies for browser flows and cookies must be on the same domain
c
colossal-engine-74704
04/20/2023, 5:25 PMwould have to make something hacky, or use hydra
colossal-engine-74704
04/20/2023, 5:28 PMmight need to use hydra anyhow for third party integrations.. so i wonder in that case is kratos even needed
n
numerous-umbrella-61726
04/20/2023, 5:29 PMhydra does not provide identification or login, only oauth built on top of an existing identity provider
numerous-umbrella-61726
04/20/2023, 5:29 PMso users would log in through kratos, then hydra generates the oauth token(s)
c
colossal-engine-74704
04/20/2023, 5:30 PMah ok. cool, i'll start playing around
7 Views