Hi all,
You have a lot of great products, but I’m missing the “big picture” of how all the pieces would work together. Am I missing a key piece of documentation?
It might be easier to start by describing our need: we have a backend API (Elixir GraphQL) and a front end (on a different subdomain) in JS (React).
A user belongs to an organisation, and that might grant access to different entities (it’s a campaign/petition tool).
From what I understand, Kratos takes care of the user registration + information about the organisations, and Keto of the permissions of who can access what (or we might keep part of it in our server).
What I’m not sure about is how the API can use that information. I was hoping for a simple JWT, but it seems that the security community has mixed feelings about it.
What is the “Ory way” to let the API see if the user is authenticated and what permissions they have (or the organisation they belong to)?
Thanks for pointing me to the documentation and letting me see the light.
Lastly, is there already some integration between Kratos and Phoenix by any chance?