Does Kratos support non-user identities, such as d...
# talk-kratos
m
Does Kratos support non-user identities, such as devices or service accounts? The flow would look something like so:
1. Generate a private/public key pair
2. Create a new identity and store the public key as a trait
3. Authenticate token generated with private key using the stored public key
s
related: https://github.com/ory/kratos/issues/1106 but I guess you want the "identity" to not be tied to some real user. It does not really make sense to use Kratos there, as it mainly cares about user input validation, credential reset, MFA, session management, ... I'd recommend to wrap the `/sessions/whoami` endpoint in your backend and issue "machine credentials" yourself according to your needs, as those don't need a way to reset a password, validate an email address, logout, ... In the wrapper you could then e.g. based on format decide which auth strategy to use, or use Oathkeeper https://www.ory.sh/docs/oathkeeper/pipeline/authn