# talk-kratos
p
Hey dear Ory community :) I'm using Kratos to log in users on multiple subdomains with OIDC (Google), with a set of OAuth credentials for each app per subdomain. Setting it up like this works great:

```yaml
providers:
  - id: google-subdomain1
    provider: google
    ...
  - id: google-subdomain2
    provider: google
    ...
```

The problem is that Kratos will create two different accounts for the same Google user, since the identifier is generated from oidc.ID + claims.subject: https://github.com/ory/kratos/blob/master/selfservice/strategy/oidc/strategy_login.go#L76

I'd like to log people in to the same Kratos account when they log in as the same Google user on each subdomain. Is this use case supported? My only idea so far is running an instance of Kratos per subdomain, with a different config.yaml using the same oidc.ID for each OAuth provider.

Edit: issues from GitHub that may be related: https://github.com/ory/kratos/issues/1392 and https://github.com/ory/kratos/issues/1276
m
> my only idea so far is running an instance of kratos per subdomain, with a different config.yaml using the same oidc.ID for each oauth provider.

I think that would be a good solution actually; it probably depends on how many OAuth providers you are looking to implement. See also this comment: https://github.com/ory/kratos/issues/1276#issuecomment-830832081

Given that people link their social accounts (multiple accounts) to the same Ory Kratos account, would they use them for authentication? Or would they simply use it to e.g. connect all their Instagram accounts to one?

In your case they would use them for authentication, yes? Is asking the user to link their other social accounts through the settings UI an option?
p
Yes, it's a very popular sign-in method used on my deployments (approx. 30% Google, 40% Facebook, the remainder create local accounts). Asking users to link to existing accounts is a workaround, but in this case it takes away the main advantage of speed/zero interaction for the single-click login with OIDC. The workaround of just using one set of OAuth creds works with Google, but Facebook requires a different app per subdomain.

A solution could be a config option for sourcing the Kratos identifier from

```go
provider.Config().Provider + claims.Subject
```

instead of the provider ID, or maybe even a user-defined identifier, e.g.:

```yaml
providers:
  - id: google-subdomain1
    provider: google
    custom_identifier: google
```

I guess that should be the same as running multiple instances of Kratos with separate config.yaml files to re-use identifiers. I'm always happy to contribute, if a feature like that aligns with the Ory team's vision :) Let me know ✌️