Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello :wave: ,

We’re long time users of Ory Hydra that we use to:
1. Provide ways of external services to use our user identity on their platforms on theirs (ex. a Chrome extension in which users can login to get access to our services)
2. Manage our own services (SPAs frontends) login/auth
For the point 2., we’re wondering if using Oauth2 login flow for all our internal services is really the most effective ways of doing things.
Could ORY Kratos offer us a way to manage user session and authentication without the hassle of Oauth2 login flow?

Meaning, can we use its “Ory Kratos Session Token” to authorise users on ours APIs? Or should we stick with Hydra’s access token?

It seems that Ory Kratos seems to be usable by itself for end to end login/session management from what I read here: <https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/>