Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi :wave:

We are a B2B multi-tenant SaaS company and got stuck on a problem.

We would like to know which OIDC provider the user used to sign in with when we reach the consent flow so we can include it in the access token. Hydra <https://github.com/ory/hydra/pull/1353|added support> to pass data from the accept-login endpoint to the consent flow, but Kratos doesn't utilize this field today.
We want Kratos to provide details about the login flow (at least provider ID for generic OIDC) in the context object after a successful authorization code flow against the OIDC provider. We have yet to find a way to work around this problem and secure ourselves against man-in-the-middle attacks.

Does anyone know how to solve this?

I filed a feature request for it: <https://github.com/ory/kratos/issues/3270>