Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello Domski, btw the fosite example is really outdated surprised you got it running!


Fosite respects the <https://tools.ietf.org/html/rfc6819#section-5.1.5.3|OAuth 2.0 Threat Model and Security Considerations> by the IETF, specifically:
• Opaque access tokens
<https://www.ory.sh/docs/hydra/security-architecture#oauth-20-security-overview|see full doc>

&gt; I assume that I just need to build an endpoint to provide the public keys?
correct

I would recommend you use <https://github.com/ory/hydra|Ory Hydra> where all of this has been built, implemented and tested for many years by many organisations - unless you have a really special use case that is not solvable with Hydra.