#general
Title
h
high-optician-2097
01/05/2022, 1:26 PM
I wrote a blog post on OAuth2 - thoughts?
https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/
n
numerous-umbrella-61726
01/05/2022, 1:30 PMlooks like the fosite link goes to hydra
also they both go to the pull requests page instead of the main repo page, but maybe that was intentional
h
high-optician-2097
01/05/2022, 1:40 PM
ha, nice find - thanks!
n
numerous-umbrella-61726
01/05/2022, 2:19 PMthis is a lot of great information, thank you!
i think my only feedback may be to put the “convince your peers” section higher, as i think most people coming across this post will likely have these or similar questions, so it provides some good context going in
h
high-optician-2097
01/05/2022, 2:31 PM
you’re welcome, thank you for providing feedback 🙂
got it, i think the idea behind having it as the last item was to first explain the difficulties and then draw from those explanations (because now they should be obvious) and provide some easy things people can say
👍 1
s
silly-magazine-7905
01/05/2022, 2:32 PMGreat read! Only a few spelling & grammatical errors
h
high-optician-2097
01/05/2022, 2:33 PM
Thank you Omar! If you want, you can make a PR for this document 🙂 I would highly appreciate it!
https://github.com/ory/web/blob/master/src/markdown/blog/oauth2-use-cases-examples.mdx
s
silly-magazine-7905
01/05/2022, 2:34 PMSure thing!
h
high-optician-2097
01/05/2022, 2:34 PM
thank you!!
s
silly-magazine-7905
01/05/2022, 5:07 PMSorry it took so long. Our release partner at work needed help, so had to take care of that https://github.com/ory/web/pull/503
b
bulky-architect-22083
01/06/2022, 2:32 AMExcellent article!
I think I need to read this a couple of times to completely digest all the material that is covered 😃
I like the “scopes are not permissions” part.
At my company we are planning to use Kratos OSS for Identity management.
However we have different teams developing different “services” with their own user profiles.
What we wanted was a core Identity Management Platform for managing user authentication and authorization from different services.
So we decided to let Kratos manage only the email and password of each service and use Ory Hydra on top of Kratos.
We decided to use “scope” to manage the service "scope” i.e. to identify the service that the user is allowed to login to because we wanted to keep service scope out of the user profiles.
Would like your opinion on this 🙏🏽
h
high-optician-2097
01/06/2022, 9:48 AM
what you're looking for is not the scope, but the audience
so e.g. "this session" is intended for the audience: server x
b
bulky-architect-22083
01/06/2022, 10:52 AMAh! That makes a lot of sense. Thank you 🙏 I always wondered what role “audience” played and got that “Aha”moment now 😀
h
high-optician-2097
01/06/2022, 11:18 AM
nice .)
❤️ 1
b
bulky-architect-22083
01/06/2022, 11:53 AMAnd this makes sense too… awesome!
https://www.ory.sh/hydra/docs/advanced/#audience
Setting the audience actually removes a lot of headaches from them implementation side… 😃
7 Views