Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello there! I have a new customer working with an LMS (Moodle, etc...) that uses LTI which is based on the OAuth 2.0 protocol.
FYI, the purpose of the LTI protocol is to provide a transparent connection with an online web application inside an iframe based on the LMS user's session.
I've been unable to configure Kratos with a generic provider to establish the connection, but I've found a workaround.

My situation: I have another application (Next14 with NextAuth), and I have secure APIs with Oauthkeeper and Hydra JWT linked to Kratos authentication. The LTI web application will be separate from NextAuth (at the moment).
My solution: use another library designed for LTI (like Ltijs) to create an account using the Kratos registration API stream.  (It works :white_check_mark:)
My problem: Hydra's login challenge redirects me to my NextJS authentication application (kratos-selfservice-ui-react-nextjs) but I don't want my user to log in again since he's logged in via the api.

Any ideas?
There may be a link with my problem <https://github.com/ory/kratos/issues/3764> but here it's the opposite process: using the Kratos session token to perform Hydra authentication.