Comments (3)
Maybe this is an option too: instead of a separate instance, make it configurable per client: #3205
from hydra.
Have you seen this: https://www.ory.sh/docs/kratos/mfa/step-up-authentication
Maybe your use case would be much easier if you leave out the OAuth2 part.
What is the reason to involve Hydra? IMHO OAuth2 is overkill for most projects.
Assume we know nothing about what you are trying to do, only thing we know is that you are building a new project in education.
from hydra.
@vinckr Yes I know :).
We will use Kratos as a "federation" hub and the user should be able to choose between Office365 (teachers or employees of our customer), our own legacy IDP and 2 educational OIDC providers (students) so we have one single "identity" server. Our customer has several (external) web apps which needs an identity on a standardized way so they choose OIDC with PKCE.
AFAIK Kratos can connect with OIDC providers but we need Hydra so others can connect to us using OIDC?
For another project, we use Kratos + oauthkeeper but there we have internal apps (behind the api gateway).
from hydra.
Related Issues (20)
- `Dockerfile`: Remove `VOLUME` instruction
- `Dockerfile`: Remove `/etc/nsswitch.conf` workaround HOT 1
- Configure sensitive fields that should be redacted HOT 1
- Cannot sign up twice from the same client
- Reading cookie in cross-site context will be blocked in future Chrome versions HOT 7
- Add tracing headers (or cookies) to the "User login and consent flow" so login service and ui service can link their traces to hydra's traceparent HOT 1
- quickstart 5-min fails: permission denied
- cli: add access token strategy parameter HOT 1
- Calling end_session_endpoint with id_token_hint errors when JWK is rotated HOT 2
- UPGRADE.md is outdated and linked in release communications for 2.2
- Cannot exchange external OIDC ID token for Hydra access token due to `aud` claim handling in Hydra HOT 1
- cli: add `--id` parameter to the `create oauth2-client` command
- Assertions may be reused & dead lock
- Add `prompt=create` alias for `prompt=registration`
- Add scope strategy allowing different separator for prefixes, resources and verbs HOT 1
- Deletes are not getting committed on CockroachDB HOT 2
- Deletes are not respecting the time boundaries with CockroachDB HOT 1
- /admin/oauth2/auth/requests/login returns 200 instead of 410 for a used login_challenge HOT 1
- Not able to perform simultaneous auth flows with the same client
- FATAL: no pg_hba.conf entry for host "xxx", user "hydra", database "hydra", no encryption (SQLSTATE 28000))
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hydra.