Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Is it 2 different identity/user stores?
Should I be able to log on your platform and your community widget using the same identity?
If no, you can just deploy Ory 2 times or create 2 Ory Network projects with the different TTL for sessions.

Btw, why the different times for session timeout?
Would be interested what the threat model/business case behind it is.

It’s Fintech and yes it’s the same user identity for the platform and the community chat.
In our case we want session to expire within say a day.
The community widget requires that the users can stay logged in to chat and respond to messages.
Does this make sense?

Yes totally. Is the community widget a web app that runs in the browser/SPA or a native/mobile application?
I am thinking maybe you can handle the widget sessions through OAuth2 and the platform sessions normally without OAuth2