We are conducting some POCs to use Kratos for adding authentication to multiple products in our company, we are at early stage, have some questions, just wanted to throw it out there: 1. we are planning to run a instance of kratos and have client connect to the kratos instance directly. Is there any reason we would need to hide the kratos instance in private network and wrap signin, signup etc APIs before using it on client side? 2. will we be able to add custom data into the token later if we want or will we have to wrap the kratos APIs for that 3. we will have multiple products which may have different host names and want to use one user login to access all of them. I think I can just reuse one kratos instance for this, right?

@icy-lighter-6522 hi! Were you able to implement this?

My colleague @hundreds-football-83355 has taken over this, I believe we have made some progress here

@hundreds-football-83355 hey, could you comment how you did this?

@shy-beach-55709 @icy-lighter-6522 I have explored points 1 and 2 and they are possible. Yet to explore for point 3. 1. We have used oathkeeper as a proxy to kratos APIs. So kratos can be kept private. 2. Identity schema can be configured to keep custom data into Identity cookie/token.