# talk-kratos
b
Hi! We are thinking of using Ory Kratos as our Identity Provider. We have several webapps, each of them has the same top domain, so everything is fine. We also have a mobile app which can use Ory Kratos as well. But sometimes we need to redirect users from our mobile app to our webapps in a browser (out-app). In this case, how can we make the user be logged in from Ory Kratos in the browser, so the user can move from one webapp to another in the browser? Thanks for your help!
h
Hi, that use case is not yet covered!
b
Very reactive! But it would be? Otherwise, if we use the in-app browser, would a browser-based authentication work?
c
I think what you are looking for is a way to convert the token you are using in the app to a cookie in the browser (browser-based auth flow and API-based auth flow work differently). I don't think there is a way to do this right now, so you would probably have to just ask the user to log in again in the browser.
h
Yes, well said Sam. Converting the tokens into another session format is kinda tricky, because it’s like a “use this token to log in as often as you want” type of scenario. It’s very difficult to make this secure and would need things like token replay detection. So there are no immediate plans or RFCs for such a feature.
b
Ok thanks to both of you for your help!
And if I add Ory Hydra, can I use it as an OAuth server between my apps (mobile and web) and Ory Kratos, and when the mobile app opens an in-app browser to redirect the user to my webapp, the webapp performs an OAuth flow, the user is already known by Ory Hydra (the user has been authorized during the sign-in from the mobile app), Ory Hydra gives a new token to the webapp and the user can perform actions on the webapp. What do you think?
Hi! Did you have time to look at my last question?
h
If it’s all in the same browser and domain, it could work; otherwise it wouldn’t work because Hydra cannot identify the user.