Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Maybe kinda related to the above question:
I have a chrome extension that needs to make authorized requests to my backend, regardless of what page the user is currently viewing.  My current thesis would involve a normal login page which would then hit a special endpoint which would reflect the cookie value back (since I can’t see it in javascript due to httponly), which I would then store in my chrome extensions localStorage to make requests to my backend in the Authorization header - which I would then pop out of the header and provide as a cookie when making requests to the ory backend for authz checks and the like.

This feels terribly convoluted. What’s a better way of doing this?