You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Kratos currently expects that all services within a system architecture live beneath a single host, each on a unique path (e.g. app.myproduct.com/service1, app.myproduct.com/service2, app.myproduct.com/service3...).
Unfortunately, if your application architecture separates services by subdomain (e.g. service1.myproduct.com, service2.myproduct.com, service3.myproduct.com...), Kratos can't be used effectively. CloudRun, Heroku, and other "serverless" solutions commonly expose services directly to the public, and don't allow for fronting by a gateway or reverse proxy.
If the Kratos session cookie 'domain' property was made configurable (e.g. domain=myproduct.com), Kratos would be just as useful to all apps, regardless of if they expose their internal services by path or subdomain.
The text was updated successfully, but these errors were encountered:
@eriklott Hi looks like this ticket item was implemented in Kratos but I can't seem to set the domain attribute even when I set the Kratos config with the following (I'm using Kratos Helm chart - Kratos version: v0.8.0-alpha.3):
Kratos currently expects that all services within a system architecture live beneath a single host, each on a unique path (e.g. app.myproduct.com/service1, app.myproduct.com/service2, app.myproduct.com/service3...).
Unfortunately, if your application architecture separates services by subdomain (e.g. service1.myproduct.com, service2.myproduct.com, service3.myproduct.com...), Kratos can't be used effectively. CloudRun, Heroku, and other "serverless" solutions commonly expose services directly to the public, and don't allow for fronting by a gateway or reverse proxy.
If the Kratos session cookie 'domain' property was made configurable (e.g. domain=myproduct.com), Kratos would be just as useful to all apps, regardless of if they expose their internal services by path or subdomain.
The text was updated successfully, but these errors were encountered: