Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi, is there a way to abort registration / login on ory-kratos if the provided claims of a OIDC-Provider not meet some conditions?

Lets say i have multiple clients that want to use microsoft social sign in. Each of this clients has its own azure tenant. I can
decide that identities coming from different azure tenants with the `iss` claim in the token (<https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens>). How can i restrict registration / login for "unknown" tenants?

Is something like this possible within hooks?

<@U011D3UQKNY> Sorry for the direct ping, but it some kind of behaviour possible?

Hello <@U03G2NBQ25N>
Sorry if was out of office for vacation.
I think there is definitely some way to solve this. Most likely in your frontend code, you can redirect the user to an info page if the claim does not match.