# talk-kratos
b
Hmm.. what is the best practice to save session-based data? I am creating a tenant chooser after the login (users have SSO to multiple accounts) before entering my app. I did not find any method to save my own data to the existing Kratos session object (identity API), just fetching the session object. So, is there a best practice for how to do it? I was thinking of creating my own session manager which eats the Ory Kratos session ID and then manages data from my own session storage with that ID, but before continuing, I thought I would ask for advice here. So I want to save the selected tenant ID to the session.
p
You can't edit the session data, but you can edit the identity metadata (which is also contained in the session). https://www.ory.sh/docs/kratos/manage-identities/managing-users-identities-metadata You just need to adjust the data before the actual sign-in occurs or while it occurs. For example, in a password registration you could have the user select the tenant they have and add that to the transient payload, which you later map to the user's public metadata within a webhook. https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks#customizing-request-body-with-jsonnet In an OIDC flow, you can also map extra data in the JSON after returning from the OIDC provider. https://www.ory.sh/docs/kratos/social-signin/data-mapping
b
I was thinking about that, but is that identity then shared between all sessions? I mean if I patch the identity that "current tenant id = 1" and I have 2 sessions open, they would share the same identity?
And I don't know how I can inject that during the sign-in event, given that I need to have the sign-in data so I can show the available tenants.. I tried patching the identity, but I was not able to make that work.
p
> but is that identity then shared between all sessions?

I believe so, unless there is a cache on the session check API - then it might return stale data. But for all new sessions yes.
b
Ok, that is what I was thinking about, so maybe not the solution I am looking for. So maybe a separate session storage of my own then - I can reuse the Ory session ID to do that, so it makes things easier.
Of course I could just rewrite URLs as http://foo.tld/<tenant id>/....
But there might be more session-related data, so I would like to create a solution that helps to fix that.. and also having the tenant ID in the path prevents creation of URLs for pasting from one tenant to another.
p
Hmm, it's difficult to say what the right solution is in the Slack chat. Maybe you could reach out to our sales representative by booking a meeting: https://www.ory.sh/contact/ He can then evaluate the requirements and move the process forward with the engineering team.
b
Thanks! For now, I created my own session manager microservice that augments the Ory response with my own session-based data. Let's see what issues I have with that solution..