Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello everyone, i’m trying to setup a multitenant app that is using kratos for auth and using the Google social sign in provider. Tenants have their own subdomains (lets say <http://tenant1.domain.com|tenant1.domain.com>), but google always returns to the top level domain (<http://domain.com|domain.com>) url that should then redirect you back to the correct subdomain. Anyway, i get the error ory kratos continuity cookie not set during this step. Ive read that i should set kratos.config.session.cookie.domain to the tld, but still i see in the network requests that ory_kratos_continuity is always being set for the subdomain. I also tried setting cookies.domain and other settings like path but nothing. From what i read in the docs, subdomains should be able to set cookies for the tld but not the other way around. Also, is what i described here a correct approach, perhaps im doing something wrong. A bit more info about my setup, im trying this on localhost for now, can this be the issue? Btw, social login works fine when the domain is the same (login from <http://domain.com|domain.com>, returning to <http://domain.com|domain.com>). Thanks :)