Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello. I'm looking at the new Session-to-JWT functionality and I'm wondering if it's possible to use the HYDRA Json Web Key Set to sign the JWTs. I ran into the same problem with Oathkeeper idToken mutation. Is there no way to share the same set of keys for both hydra and kratos? The core of my problem is I have a set of APIs which rely on JWT/scopes for authorization. If an application logs into Kratos directly, there is no way to communicate which permissions a user has. I understand this is a usecase for Keto and the zero-trust model, but we are not moving in that direction.