# talk-kratos
j
Trying to get a bit of clarity on this post: https://github.com/ory/kratos/discussions/1907 Essentially, can I use a single Kratos instance so users can log in across my app in multiple domains (example.com, example2.com, etc.)? The user database is the same for all domains (no isolation) and there is no need for SSO (they can log in again when going to a different domain). Thanks!
also from an auth perspective we could have one domain only, e.g. (auth.company.com), so long as the user is then redirected to the site domain
I see that there is a "custom domains" option, not available in the free tier
how does this translate in the open-source version of the product out of curiosity?
(we want to go with paid cloud, but want to avoid any non-open-source features)
h
@jolly-ocean-27001 we solved it by re-applying 'set-cookie' from auth.company.com on the example.com, example2.com, etc. (like encoding it on the auth side and decoding it in example/example2 auth middleware) so example.com will have the same cookie as auth.company.com, and Kratos will not know what domain the request is coming from. 🫣 I would have preferred to use API-based generation of the token, not cookie-based, but then you can't apply the token as a cookie and use e.g. Oathkeeper to process the request, you'd have to implement your own authz layer
j
Thanks @happy-advantage-63621
that sounds hairy
if the approach is cookie based, can't we just assign a different cookie per site?
@magnificent-energy-493 @fast-lunch-54279 we'll probably discuss this next call, but this is one of the main issues we're facing
it's making it hard to understand if we are forced to go with Hydra or Kratos (cookie vs oauth)
for example I should be able to log in to prosple.com and the same user be able to log in to gradaustralia.com.au
we don't need SSO, it's fine for the user to log in again (separate sessions)
the link above seems to imply that this is possible with a single Kratos instance, but how?
m
Hey Duarte, we have some internal events today, but will get back in detail by Friday or early next week 🙏
Hello @jolly-ocean-27001 apologies for the late response! You can do this using a single Ory Network instance on the Scale plan. You can add up to 5 domains and we can also scale that up to your needs - for more than 5 we need to discuss with you but there are in theory no technical limitations to scaling that up to hundreds or thousands.
> can’t we just assign a different cookie per site?

That is basically what we do with this feature. There is also the OAuth2 option, but that is more for SSO/federation of sessions as you rightly noted.
j
Thanks @magnificent-energy-493!