@User
Good Question.
TLDR
I fetch it from my main.com server every time. However, I am also looking at ways I can cache this information. Haven't gotten around to implementing it yet.
The long explanation follows:
I only store user email and password in main.com and let each service such as proj1.com that connects to main.com for authentication manage other user information such as name etc.
This way I can let each service manage their own user information and only use Kratos/Hydra for just authentication/authorization with email and password.
Once proj1.com successfully authenticates with main.com, I store the email and Kratos identity id within the access token created by Hydra.
Then proj1.com uses Hydra's introspect token endpoint to get the Kratos identity id and also check if the token is active.
Each service such as proj1.com, proj2.com has a Kratos identity id column in their respective user tables to verify if the user has access to the respective services.
Let me know if you need any clarification regarding my explanation.
I have also updated my repo to demonstrate how I use metadata to turn registration on and off for example.
https://github.com/atreya2011/go-kratos-test/compare/hydra-consent?expand=1
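
The check described in the post, sketched from the service's side as an added example (not code from the post or the linked repo): introspect the token, require it to be active, then require the identity id to exist in the service's own user table. `Authorize`, `FakeIntrospect`, `ErrDenied`, the `kratos_identity_id` key under `ext`, and the sample id `id-1` are assumptions made for illustration; `known` stands in for the user-table lookup.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

var ErrDenied = errors.New("access denied") // only error returned: callers fail closed
// Authorize introspects the token (RFC 7662) and returns the Kratos identity id
// when the token is active and known(id) holds. The "ext" key name is assumed.
func Authorize(introspectURL, token string, known func(string) bool) (string, error) {
	resp, err := http.PostForm(introspectURL, url.Values{"token": {token}})
	if err != nil {
		return "", ErrDenied
	}
	defer resp.Body.Close()
	var in struct {
		Active bool                   `json:"active"`
		Ext    map[string]interface{} `json:"ext"`
	}
	if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&in) != nil {
		return "", ErrDenied
	}
	id, _ := in.Ext["kratos_identity_id"].(string)
	if !in.Active || id == "" || !known(id) {
		return "", ErrDenied
	}
	return id, nil
}

// FakeIntrospect stands in for Hydra's introspection endpoint (constructed responses).
func FakeIntrospect() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body := `{"active":false}`
		if r.FormValue("token") == "good" {
			body = `{"active":true,"ext":{"kratos_identity_id":"id-1"}}`
		}
		fmt.Fprint(w, body)
	}))
}

func main() {
	srv := FakeIntrospect()
	defer srv.Close()
	fmt.Println(Authorize(srv.URL, "good", func(id string) bool { return id == "id-1" }))
}
```

An active token is not sufficient on its own: a valid identity that has no row in this service's user table is rejected the same way as an expired token.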