Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

&gt; diagram on how the different services are put together
There is one here: <https://www.ory.sh/docs/ecosystem/projects>, but it is very highlevel/abstract. How exactly the services are put together also depends a lot on your use case, so its hard to create a “generic” diagram that works for everyone.

Do you maybe have some examples in other tools documentation that you would like to see similarly in Ory docs?

As for your questions
1. yes ory/oathkeeper is the service that handles incoming http requests
2. not using introspection flow, but you can call the /whoami API at Kratos to authenticate incoming requests
3. Kratos does not issue Oauth tokes, but you can transform the Kratos token/cookie into a JWT with Oathkeeper 
4. sure 
5. If you want to <https://www.ory.sh/run-oauth2-server-open-source-api-security/|run your own Oauth2 server, you can do that with ory/hydra> - but you probably dont need it! (<https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/|see this blogpost>)