Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

what it looks like is happening is that kratos when queried from oathkeeper returns a redirect for unauthorized (401), but when queried from the node ui, it returns a valid user (recognizes a logged in user). this is validated by the redirect loop (redirects to login, login is already valid, so it redirects back to the `return_to` ) and by me accessing `/auth` directly and getting the logged in user dashboard.