Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> when do oauth cookies like login_csrf, consent_csrf, or session_csrf get created?

Hmm, I don't know enough to give you a confident answer yet. The knowledge sources provided do not specify when exactly the `login_csrf`, `consent_csrf`, or `session_csrf` cookies are created in the Ory OAuth flow. However, they do mention that Ory uses HTTP cookies to store session states and protect against attack vectors such as CSRF.   For more detailed information, you may want to refer to the [Ory Documentation](<https://www.ory.sh/docs/>).