Is Kratos suitable for microservices separated by subdomain

I have an architecture made up of apps running on GCP Cloud Run “serverless” servers, with each app located on a different subdomain - app1_product_com, app2_product_com, etc. Each app is directly exposed to the web, and is not fronted by a gateway or reverse proxy.

The cookie that holds the current user session state is shared across all of the apps via cookie setting domain=product.com.

Can Kratos be used in this scenario? If so, how? After reading the docs, it seems that Kratos wants the entire app to live beneath one host (e.g. app_product_com).

One solution might be to use Kratos to back our identity app (id_product_com), and after a successful login/registration, set a second separate session cookie with domain=product.com. However, keeping this new session cookie in sync with the Kratos session might be an issue.

Any solutions would be welcome. Kratos looks like a fantastic product, and I’d be happy to use it if possible.

You are correct, the entire app currently needs to reside on the same domain or on a subdomain. I think we could make a change to ORY Kratos to allow setting the session domain manually, which would allow you to have, for example, app1_product_com.mydomain.com, app1_product_com.mydomain.com, kratos.mydomain.com. If you track that as an issue (or provide a PR) I’d be happy to accept the change request and merge it 🙂

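The cookie scoping this thread turns on, as an added example that is not part of the original posts and is not Kratos code: a model of the RFC 6265 domain-match and host-only rules, showing which hosts receive a session cookie set by the identity app with and without a `Domain` attribute. The hostnames and the function names (`domainMatch`, `storeCookie`, `recipients`) are constructed for illustration, and the browser's public-suffix check is not modelled.

```javascript
// Added example (not Kratos code): RFC 6265 cookie scoping for a session
// cookie. All hostnames below are constructed sample values.

// Crude IP literal check: RFC 6265 never suffix-matches IP addresses.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// RFC 6265 section 5.1.3: does the request host domain-match the cookie domain?
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  if (h === d) return true;
  // Suffix match only on a label boundary ("." + domain), never for IPs.
  return h.endsWith('.' + d) && !isIpLiteral(h);
}

// RFC 6265 section 5.3: what the browser stores for a Set-Cookie response
// from originHost. No Domain attribute means a host-only cookie.
function storeCookie(originHost, domainAttr) {
  if (!domainAttr) {
    return { domain: originHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  // A server may only set a cookie for a domain its own host matches.
  if (!domainMatch(originHost, domain)) return null; // cookie rejected
  return { domain, hostOnly: false };
}

// Which of the given request hosts would receive the cookie?
function recipients(originHost, domainAttr, hosts) {
  const cookie = storeCookie(originHost, domainAttr);
  if (cookie === null) return [];
  return hosts.filter((host) =>
    cookie.hostOnly
      ? host.toLowerCase() === cookie.domain
      : domainMatch(host, cookie.domain)
  );
}

// Constructed hosts: the identity app, two apps, the apex, and two lookalikes.
const SAMPLE_HOSTS = [
  'id.product.com', 'app1.product.com', 'app2.product.com',
  'product.com', 'notproduct.com', 'product.com.example.net',
];

console.log(recipients('id.product.com', undefined, SAMPLE_HOSTS));
console.log(recipients('id.product.com', 'product.com', SAMPLE_HOSTS));
```

With `Domain=product.com` every host under `product.com` receives the session cookie, so each of those apps becomes part of the session's trust boundary.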