Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

We're trying integrating Ory Kratos and Ory Polis.

Our plan was to configure Polis as a generic OIDC provider in Kratos. However, Polis's `/authorize` endpoint requires `tenant` and `product` query parameters to function, and Kratos's OIDC provider doesn't seem to support adding these custom parameters.

Does this mean a direct Kratos-to-Polis OIDC integration is not a supported pattern? Is the recommended approach to use an application backend as an intermediary that calls the Kratos Admin API to create the session?

You can encode the tenant and product as clientId (‘tenant=<tenantId>&product=<productId>’) or use the clientId returned by the Polis connection

Thanks for clarification. But I would still need to add a separate kratos oidc for each polis connection?

So that means that you can only use Kratos-&gt;Polis for a static set of connections? Polis looked very interesting because it will allow my customers to setup their connections via API. But that doesn’t work with Kratos because the OIDC connection is through configuration files.