Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi, we use Kratos as IdP combined with Oathkeeper as a zero trust proxy. We would like to have short lived access tokens in order to authorize the user facing app to get access to other services in our system e.g. Video server (publish or read a video stream). We have been simply using the Kratos_Session_Token to do the authorisation until now which seems not the correct approach for such authorization tasks. Is there any way to get a token similar to JWT/Personal Access Token/or API key which is issued by some ORY service or third party service?                                                                                   I was looking into Oauth2 and a related article <https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/|Why you probably do not need OAuth2 / OpenID Connect> from <@U010F2N7G2X>suggests to use something simpler for such use cases:

&gt; At Ory, you can use Ory Session Tokens if you want to interface your API with native apps and clients which do not have a browser. We are also planning to publish a new token service which will standardize API Keys and Personal Access Tokens so that your users will be able to easily create these types of tokens in a scalable and secure way!
at the same mentioning that a new token service would be published. Is this service already available?