Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

I'm getting a cors issue using javascript SDK: `ory.adminListIdentities()` , and it looks like there isn't an option to set cors in the kratos.yml under
```serve:
  admin:```

We are “exposing” it through oathkeeper 

So I have to set up oauthkeeper to use admin in kratos?

The admin endpoints are not secured by kratos directly. We recommend using something like <https://github.com/ory/oathkeeper/|oathkeeper> to secure access to it, as leaving it exposed on the web (or even just an intranet) can be very dangerous.

Your specific case sounds like you’re trying to call the admin endpoint from a browser. While this can be set-up to work, this is not recommended, and will lead to errors such as yours.

A better way is, to set up an “admin” application that talks to the endpoints from a server, where you can build your own frontend, scheduled jobs, etc.

This is super helpful and gets me unstuck. Thank you!