# talk-oathkeeper
g
Hello all! Can we do oauth2 authentication flow just using oathkeeper and hydra? Can oathkeeper process the flow by itself? I am just wondering if it is possible to support it natively with ory stack and without using libs like nextauth.js or passport.js?
n
that's currently how we're using them, hydra generates the oauth token then oathkeeper verifies it using https://www.ory.sh/docs/oathkeeper/pipeline/authn#oauth2_introspection
you do have to have some external authentication system, as hydra does not provide that, it just attaches oauth to an existing authentication flow, but you can use kratos for that if you don't already have an auth flow
g
Thank you! So we still need to use libs to process the auth on the client side, to get tokens, etc.
n
yes, you need something to fulfill the auth flow during the oauth consent cycle of hydra, but once oauth has completed you don't technically need anything to verify those oauth tokens on the service side as oathkeeper can handle that, as long as you can ensure traffic to your app only comes from oathkeeper, then oathkeeper can be your trustless edge into your trusted internal network
in our case, we already had a home-grown auth flow, so we used hydra to add oauth/openid connect, and now our plan for later this year is to replace that home-grown system with kratos, so we can completely get out of the auth game in our code
g
Nice!