This message was deleted.
# generalm
microscopic-answer-24504
01/13/2023, 6:31 AMThis message was deleted.
j
jolly-ocean-27001
01/13/2023, 6:55 AMLooks like I can just pass the session to the API?
jolly-ocean-27001
01/13/2023, 6:55 AMhttps://dev-to-uploads.s3.amazonaws.com/uploads/articles/7jbo8myhuflr9qm9tfxw.pngβΎ
jolly-ocean-27001
01/13/2023, 7:02 AMthe other thing is how would this work in a multitenant app? In Oauth we have clients and each can be associated with a domain. Is that a concern with this model?
jolly-ocean-27001
01/13/2023, 7:02 AMwe have over 300 portals with different domains (the majority are all subdomains *.domain.com similar to how Slack does it but we do have a few custom domains as well)
jolly-ocean-27001
01/13/2023, 7:07 AMdoes this forces to use Hydra?
b
bulky-architect-22083
01/13/2023, 8:11 AMAre all the apps under your control?
bulky-architect-22083
01/13/2023, 8:11 AMYour control as in your organizations control?
j
jolly-ocean-27001
01/13/2023, 8:27 AMyes
jolly-ocean-27001
01/13/2023, 8:27 AMa few nextjs apps and then several checks would be at the microservice level, exposed via GraphQL APIs
jolly-ocean-27001
01/13/2023, 8:27 AM(everything under our control)
b
bulky-architect-22083
01/13/2023, 8:31 AMIn which case I think Kratos and Oathkeeper should be enough. You could store roles and permissions as admin level metadata for each user in Kratos.
j
jolly-ocean-27001
01/13/2023, 8:32 AMif it's stored as metadata, how would those relationships work? i.e modifying roles and permissions
jolly-ocean-27001
01/13/2023, 8:33 AMI'm also trying to figure out how multitenancy works
b
bulky-architect-22083
01/13/2023, 8:33 AMHow do you want to modify them
j
jolly-ocean-27001
01/13/2023, 8:33 AMadding new permissions to roles for example without having to modify the user's metadata
jolly-ocean-27001
01/13/2023, 8:33 AMi.e a user is assigned a role, the role is assigned permissions, standard RBAC
jolly-ocean-27001
01/13/2023, 8:34 AMI haven't looked into Oathkeeper yet as I understood Keto to be the appropriate product for permissions and access control
b
bulky-architect-22083
01/13/2023, 8:34 AMAs far as I am know, multi tenancy is not supported natively in the self hosted version. However the way we are doing it is, we store kratos uuid and tenant level details in our own backend.
j
jolly-ocean-27001
01/13/2023, 8:34 AMso you have multiple Kratos instances?
b
bulky-architect-22083
01/13/2023, 8:35 AMNo we donβt
bulky-architect-22083
01/13/2023, 8:36 AMKratos only stores email and password and other business related items such as roles, tenant id etc is stored in our own backend where we use the kratos identity id to identify the user logged in
j
jolly-ocean-27001
01/13/2023, 8:36 AMessentially we have 1 app, hundreds (thousands in the future) domains. The user logs in to a domain, goes through the auth process (against a single auth tenant) and is redirected back to the site
m
magnificent-energy-493
01/13/2023, 10:38 AM
@jolly-ocean-27001
Apologies for multithreads π
We have a solution for multiple domains on Ory Network now, and we are trialing a new pricing schema for 1000+ of domains.
I cant share it publicly yet, but I will DM you some details.
π 1
b
bulky-architect-22083
01/13/2023, 11:11 AM@magnificent-energy-493 Thank you for the followup. I hope I haven't given any wrong information π
m
magnificent-energy-493
01/13/2023, 2:56 PM
No that was alright π
Thank you for explaining and sharing how you use Ory.
πββοΈ 1
7 Views