Preflight checklist
Ory Network Project
No response
Describe your problem
We're using a single tenant deployment model, where each of our back-ends gets its own Ory project. These back-ends would ideally be able to introspect their own project configs, as to be able to get info about i.e. which OIDC/SAML providers are registered, since this can happen out of band of the back-end with the self-service functionality there. If we want to enable this as is, that would require them to each have full workspace access, which would be a serious escalation of privilege for any one back-end.
Describe your ideal solution
Allow read-only project access using an access token scoped to that project.
Workarounds or alternatives
Some kind of intermediate service that holds the wak and authenticates each back-end would be a workaround for this, but the overhead would be considerable.
Version
network
Additional Context
No response
Preflight checklist
Ory Network Project
No response
Describe your problem
We're using a single tenant deployment model, where each of our back-ends gets its own Ory project. These back-ends would ideally be able to introspect their own project configs, as to be able to get info about i.e. which OIDC/SAML providers are registered, since this can happen out of band of the back-end with the self-service functionality there. If we want to enable this as is, that would require them to each have full workspace access, which would be a serious escalation of privilege for any one back-end.
Describe your ideal solution
Allow read-only project access using an access token scoped to that project.
Workarounds or alternatives
Some kind of intermediate service that holds the wak and authenticates each back-end would be a workaround for this, but the overhead would be considerable.
Version
network
Additional Context
No response