Okay, first off I just want to say how amazing Ory looks, I love how it's developer/api first and I think it's a great product. It seems to cover all the use cases I could ever imagine needing so I just want to say props to the team for building such an awesome and elegant solution. In the past I have always just built my own half baked solutions for authentication, but this knocks everything out of the park. I'm looking to now use Ory in a production manner at my company and I thought this would just be a great place to make an introduction. I have looked at other solutions like Auth0 but after speaking to a few friends that have built products with it, they've all said the same thing "It's too expensive and the costs really creep up, we had to move away and build our own solution." Now what I love about Ory is the fact that if the cloud ever becomes to expensive, the open source aspect will allow us to transition over to our own hosting aspect, but I hope this never becomes the case as I would like to support the team as long as it makes financial sense for us to do so. Now I should explain that I haven't actually used Ory yet but I am looking forward to playing around with it over the next week or two. The first thing I would like to understand is the whole concept of flows, it seems a bit baffling to me and I feel like the documentation doesn't quite cover it to the depth I would like personally. So moving onto my question, let's say I have a registration form that would take a few things, such as phone number, date of birth and other things I would like to validate which would be stored outside of Ory. How would I actually achieve this and only persisting the user given my validation checks pass? Also, I saw that it was possible for you to create registrations based on type of identity i.e. customer, staff etc... Would it also be possible to create identities which aren't unique such as the same email being used twice, but under a different website? Allow me to clarify this question a bit further, we have a service which users are able to sign up to, but this service is also branded under different names too, we have users that are able to register on both branded sites separately but admins have one login for all brands. Is this possible with Ory or would it require multiple instances/projects?

Hello. I have a small question. You said that you have branded websites. Does they run on different domains?

I saw that it was possible for you to create registrations based on type of identity i.e. customer, staff etc.

You can read about different identity schemas here

@User yes they would run on different domain.

The idea is to manage admin identities on all Ory Kratos instances, and I think you need one instance per domain based on your initial request. You have two options here. 1. Create an additional user interface to manage admin identities, and you can use adminCreateIdentity API endpoint to create admin identities on all Kratos instances you have 2. You can also use a after registration webhook to create admin identity on other kratos instances

That makes sense, great! thanks Andrew! I'm looking forward to implementing Ory as part of our IAM and microservice architecture. Just one last question, is Oathkeeper what I would need to manage Machine-to-Machine authentication? As in, if I have one micro-service that wants to talk to another, should I be using Oathkeeper to manage that or is Oathkeeper strictly for managing requests from reverse proxy?

Oathkeeper is identity and iam proxy. It can help you to build applications without thinking about authentication. For instance you use nginx as ingress proxy and oathkeeper can act as decision api for subrequest authentication and nginx will proxy only authenticated requests for your services. As an example you can check the shorts project. Oathkeeper handles authentication part, makes requests to kratos to check session, mutate request and adds X-User with the id of authenticated user or redirects unauthenticated. On the backend I implemented middleware that gets X-user and uses it for the CRUDL operations

That is great, love the support you guys are giving. I love Ory and like I said in my previous message, as long as the costs seem reasonable for Ory cloud then I am happy to pay them and include them in our production app! Pass my thanks to the entire team, absolutely great work and great product!

@User just to add here that that was also my impression of the Ory docs. At one point I volunteered to suggest a way to illustrate things that would work well for a new user, but then I got too busy. Good luck :)