We recently added an issue (#3723) on the hydra repo, but it occurred to me that we might want to see if we're chasing the wrong thing. Maybe someone here can recommend a different way to achieve our goals.
We've already got all our users in a locally hosted GitLab instance with strong passwords and MFA setups. We allow our students to stand up a small set of microservices for their own HPC control planes. We use JWTs for all of our access to the microservices. We'd like to allow each student to register their own client application in GitLab and use the ID token from GitLab to establish identity and use hydra to mint a fresh access token for use with the microservices. Ideally, we'd like this to happen without having to open a browser, but that may not be realistic.
Has anyone done something similar? Are there recipes we can follow for this?
Our issue describes how far we've gotten and where we think we're stuck.