Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello everyone!
Is there a way to implement a blacklist in Kratos? Specifically, I'm looking to block certain users from obtaining a session token when using the API. Any guidance would be appreciated!

Hello <@U07QPFNHAHK>
You should be able to do that using <https://www.ory.sh/docs/kratos/hooks/configure-hooks|Ory Actions> (basically a webhook that checks an outside list).

You can also do it in the identity schema using regex, but I would assume that is a bit clunky for your use case.

Hello <@U011D3UQKNY>
Do you know if is there a example anywhere using these web hooks?

See the main documentation here: <https://www.ory.sh/docs/identities/sign-in/actions>
Here is an example for a bit more complex use case: <https://github.com/ory/examples/tree/master/ory-actions/vpncheck-py>