Hi all, I've been considering using kratos, and was wondering if there's a way to reliably verify an identity during self service (I need to options to manage some specific tools with self-service). I was thinking about using the whoami endpoint for this, but I'm not sure (I was also considering using a separate service that just uses the admin endpoints to update the identity after they login with OIDC)...

reliably verify an identity during self service

What do you mean by this? verify the email? KYC?

I was also considering using a separate service that just uses the admin endpoints to update the identity after they login with OIDC

Check out Ory Actions for that: https://www.ory.sh/docs/kratos/hooks/configure-hooks Although modifying the identity through Actions is just possible on the registration / settings flow atm

Probably should've worded it differently, I need my self-service backend to know about the current kratos session so that it could manage a user's VPN clients (ie: you could download a VPN config from the self-service page) I apologize if I'm missing something about how kratos self service implementations work

No worries. Would using a JWT work for you in this case? https://www.ory.sh/docs/identities/session-to-jwt-cors

Oh, awesome, I'll try that, thank you!