Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi, we have plans to support stateless authentication with JWTs. There’s no clear ETA yet. Definitely use Ory’s edge sessions! It will cut down latency to around 25-35ms :slightly_smiling_face:

Hi hackerman, thanks a lot for the quick reply! So, I do get this correctly – it is a common principle, maybe the most common one? – to rely on auth infra calls on every request, from every endpoint? Edge sessions, I´ll try to test them. 30ms sounds good.

It depends on your requirements - do you need instant logout and revokation of clients? Then yes. No? The no! At Ory we build first what’s secure :slightly_smiling_face:

But we’re working on options to reduce calls and get lower latency requests for those who do not care about instant revokations!

You can also read:

<https://www.ory.sh/docs/security-model>

Thank again! Hours later I do have more understanding of the different approaches.
Here´s an interesting discussion, and article behind it, about JWTs drawbacks – in case you don´t know it:
<https://news.ycombinator.com/item?id=27136539>