Hello, I want to create association between my identiteis (ory) and external system that requires authentication to perform some actions. I was wondering whether admin metadata is a good/right place to store api keys and fetch them from there when the identity attempts to perform action and is properly authenticated against Ory ? Or can I somehow define my own credentials i.e. custom credentials ?

Hello @stocky-caravan-55944 I think it can be a good solution. You can have some Ory actions to make it smooth - so maybe one after login that gets the API key from the metadata. Keep in mind that public metadata can be read by everyone who gets access to the session object - so usually the user/browser/client. For API keys you often want to show them once and never again. For this metadata is not ideal. You could also have a protected db somewhere with the api keys and then use the Ory identity id or identifier to correlate them. That being said we have been thinking about building a dedicated service for long-lived API keys since there seems to be a gap in the industry there. Most people - like we did for Ory Network - roll their own custom solution for api keys

Yes i was actually suggesting to you to build something like this in the survey that you send.