Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi! I want to develop a NestJS Uber-like API using selfhosted `Keto` and `Kratos` servers with the basic roles/schemas:
- `Admin` - must be created by the administrators with `ManageAdmin` permission. Admins use browser.
- `Driver` - registers in Driver mobile app, then must be verified by Admin.
- `Client` - registers in Client mobile app.
And I have several questions:
- As I understand it's impossible to split self-service flow based on predefined role/schema. What should I do in this case? How to provide such splitting?
- Is it ok to wrap all the self-service calls into controllers of my app? My API will work as a proxy for all `Keto` and `Kratos` requests so I want to modify some of them and create associated permissions during `Driver`/`Client` registration. Or it is not an ory-way and I should use `Oathkeeper` - `Kratos` - `Keto` stack?