Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Kratos question - our internal mail / notification service uses Bearer tokens for authN/Z, and these tokens expire every few hours. In Kratos, sending email/sms via http seems to require a more static set of credentials. Has anybody managed to square this circle or have ideas on how to do something like this?

would that be some oauth2 tokens (so access/refresh pairs)? how would it be supposed to work, especially with the consideration that the service could restart and loose in-memory updated values?

one option is always to use some kind of proxy that does this, but I admit it's not ideal

yeah, that's currently the plan, to use a proxy.

if a kratos instance had a client_id/secret, it could pull those Bearer/Refresh tokens as needed, and it wouldn't need to live through a restart

so oauth2 based client/secret? it would make sense to support such standardized auth methods

can you create an github issue in ory/kratos with some details on how it should work?