Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi everyone, we currently need tokens to be able to be used in a browser across different domains. Cookies only work on the same TLD, so is it safe to use session tokens (bearer tokens in Authorization header) instead? Or is there any better alternatives?

I think people usually use oauth2/openid (:point_right: ory hydra) for cross-domain, it's a bit more involved. but that has the redirects with tokens, etc. and you can add them to a cookie or whatever is easier after. and you have APIs to validate them, etc..