Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

We are currently looking into PATs, found <https://github.com/ory/kratos/issues/1106|this> ticket for Kratos. But it looks abandoned. Is there an Ory Network service for PATs yet?

Or what would you suggest now for implementation?

We don’t have such a service yet available :/

<@U010F2N7G2X> no worries, but any suggestions on what do to so it can "integrate" with Kratos?

We are currently think of a "database" table, such as:
```| pat (some random string) | subject_id (kratos_id) | expiration (null|date) |```
To have a record and make them revokable on our end/for the user.

And then thinking about adding a custom "whoami" endpoint in oathkeeper to authenticate them on the edge? Do you think that's feasible, or the wrong thing to do?

<@U010UKXCPP0> sorry to bug, but maybe you have an idea?

Could work, but as always depends on your implementation :slightly_smiling_face:

<@U010F2N7G2X> hehe, you mean how crappy is the code I write? :smile:

~i guess the problem with my idea was that I can't configure a second session endpoint in one oathkeeper~