high-optician-2097

01/05/2022, 1:26 PM

numerous-umbrella-61726

01/05/2022, 1:30 PM
looks like the fosite link goes to hydra
also they both go to the pull requests page instead of the main repo page, but maybe that was intentional

high-optician-2097

01/05/2022, 1:40 PM
ha, nice find - thanks!

numerous-umbrella-61726

01/05/2022, 2:19 PM
this is a lot of great information, thank you!
i think my only feedback may be to put the “convince your peers” section higher, as i think most people coming across this post will likely have these or similar questions, so it provides some good context going in

high-optician-2097

01/05/2022, 2:31 PM
you’re welcome, thank you for providing feedback 🙂 got it, i think the idea behind having it as the last item was to first explain the difficulties and then draw from those explanations (because now they should be obvious) and provide some easy things people can say
👍 1

silly-magazine-7905

01/05/2022, 2:32 PM
Great read! Only a few spelling & grammatical errors

high-optician-2097

01/05/2022, 2:33 PM
Thank you Omar! If you want, you can make a PR for this document 🙂 I would highly appreciate it! https://github.com/ory/web/blob/master/src/markdown/blog/oauth2-use-cases-examples.mdx

silly-magazine-7905

01/05/2022, 2:34 PM
Sure thing!

high-optician-2097

01/05/2022, 2:34 PM
thank you!!

silly-magazine-7905

01/05/2022, 5:07 PM
Sorry it took so long. Our release partner at work needed help, so had to take care of that https://github.com/ory/web/pull/503

bulky-architect-22083

01/06/2022, 2:32 AM
Excellent article! I think I need to read this a couple of times to completely digest all the material that is covered 😃 I like the “scopes are not permissions” part. At my company we are planning to use Kratos OSS for Identity management. However we have different teams developing different “services” with their own user profiles. What we wanted was a core Identity Management Platform for managing user authentication and authorization from different services. So we decided to let Kratos manage only the email and password of each service and use Ory Hydra on top of Kratos. We decided to use “scope” to manage the service “scope” i.e. to identify the service that the user is allowed to log in to because we wanted to keep service scope out of the user profiles. Would like your opinion on this 🙏🏽

high-optician-2097

01/06/2022, 9:48 AM
what you're looking for is not the scope, but the audience
so e.g. "this session" is intended for the audience: server x

bulky-architect-22083

01/06/2022, 10:52 AM
Ah! That makes a lot of sense. Thank you 🙏 I always wondered what role “audience” played and got that “Aha” moment now 😀

high-optician-2097

01/06/2022, 11:18 AM
nice .)
❤️ 1

bulky-architect-22083

01/06/2022, 11:53 AM
And this makes sense too… awesome! https://www.ory.sh/hydra/docs/advanced/#audience Setting the audience actually removes a lot of headaches from the implementation side… 😃