Authorization for Admin API of Kratos (M2M authorization)

jcamp · July 21, 2020, 8:28am

Hello,

I’m rather new to the whole identity management and security, so please be patient with me if this question is stupid.

Usually, there are some authorization steps done (e.g. via tokens) when communicating with an API and in our setup we definitely need that. We don’t want to fully rely on just securing the network within our Kubernetes cluster.

So are there possibilities to do that? And to authorize write and read access separately for example? I am pretty sure that Kratos has a similar feature, but I couldn’t find it in the docs.

Thank you for your help!

hackerman · July 22, 2020, 9:42am

If you use something like ORY Oathkeeper in front of ORY Kratos then you would be able to expose the ORY Kratos Admin APIs to the public internet

jcamp · July 23, 2020, 11:53am

I will have a look at Oathkeeper then! This can certainly be a workaround for managing internal accounts for the admin section… Thanks!