Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hey

I have such standart flow:
1. user authenticates through external identity provider
2. kratos handles callback and issue kratos_session for user
3. user perform some requests, everything fine. If I wanna to extend user session I can use /admin/sessions/{id}/extend endpoint. But, what if user was deactivated on external identity provider side? As I understand, before extending session kratos should try to refresh information about user by calling oidc refresh token endpoint. In such case deactivated user couldn't infinitely extend session. What to you think about that? Are there any ways to achieve such behavior? 