# general
r
Hello everyone, I have a few questions regarding the Ory ecosystem, so I can decide if it's the right tool for my project. So first, I'd like to use Ory Kratos for auth. As far as I understand, Kratos uses a separate database, so if, for example, I use Postgres in my main app and I want to let people add comments (something simple like userId + text), is the correct way to do this to create the user in the user table in a Kratos hook? My second question refers to Ory Keto. As far as I understand, Ory Keto is similar to Kratos in the way it is decoupled from my main app database. So let's say I want to limit users so they can only see their own comments: I should add a relation in Keto after adding the comment to my app database, is that correct?
d
Hello, @rhythmic-toddler-31735. Kratos has hooks to provide integrations during the authentication flows (e.g. registration, login, verification). A small real-life example: you have an ecommerce service and you want to send an additional email once the email was confirmed by the user. In that case, you can use the verification.after hook to make a request to mailgun/mailchimp or any other SMTP provider.

I think that calling the `/sessions/whoami` endpoint would be enough to solve your issue, and it looks like:
1. Get the session by calling `/sessions/whoami`
2. Ensure we have a valid session
3. Get `session.identity.id` and use it as the identifier of the user
4. Store it in the database

Let's talk about Keto. Keto is an access control engine and you need to keep in mind that requests to Keto should be authenticated and authorized because it doesn't have any mechanisms to check that. Honestly, for your case, using Keto looks like a little bit of overcomplicating things, because you can get comments by running a query with user_id, like

```sql
select * from comments where author_id=$identity_id_from_kratos
```

On the other hand, Keto is useful to provide access control features. Let's say that you have a `moderators` group and they can edit/approve comments. It means that you need to implement access control features and it sounds like a job for Keto. You can add `edit` permissions to some users.
🙌 1
s
tl;dr Keto: yes, to use Keto you would add the relation tuples as a side-effect during comment creation
r
Thanks for the answers. I was looking around the docs and imao it could be outlined more, so you don't have to reply to such basic questions. @damp-sunset-69236's answer could literally be copy-pasted as an example workflow with the Ory ecosystem. Again, thank you guys 🙂 PS. I asked about Keto just to understand it, cause that totally is overkill for my app, but it seems like it could be useful in the future :-)
s
nice, good idea maybe @damp-sunset-69236 can find a place to add it in the docs?
or do you know any place?
r
I think the main 'guides' section could be a good place. Something like 'ory ecosystem workflow' with a short explanation of how you'd integrate each tool into an app.
👍 1
m
I found this to be useful - https://www.ory.sh/docs/ecosystem/projects
f
Thanks! I was looking for this as well. It would be helpful to have these kinds of real-world implementation examples.