Allow Ory project introspection over API with pat #430
Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe your problem
We're using a single tenant deployment model, where each of our back-ends gets its own Ory project. These back-ends would ideally be able to introspect their own project configs, as to be able to get info about i.e. which OIDC/SAML providers are registered, since this can happen out of band of the back-end with the self-service functionality there. If we want to enable this as is, that would require them to each have full workspace access, which would be a serious escalation of privilege for any one back-end.
Describe your ideal solution
Allow read-only project access using an access token scoped to that project.
Workarounds or alternatives
Some kind of intermediate service that holds the wak and authenticates each back-end would be a workaround for this, but the overhead would be considerable.
Version
network
Additional Context
No response