Allow Ory project introspection over API with pat

[Sajuno]

Preflight checklist

• [x] I could not find a solution in the existing issues, docs, nor discussions.
• [x] I agree to follow this project's Code of Conduct.
• [x] I have read and am following this repository's Contribution Guidelines.
• [x] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe your problem

We're using a single tenant deployment model, where each of our back-ends gets its own Ory project. These back-ends would ideally be able to introspect their own project configs, as to be able to get info about i.e. which OIDC/SAML providers are registered, since this can happen out of band of the back-end with the self-service functionality there. If we want to enable this as is, that would require them to each have full workspace access, which would be a serious escalation of privilege for any one back-end.

Describe your ideal solution

Allow read-only project access using an access token scoped to that project.

Workarounds or alternatives

Some kind of intermediate service that holds the wak and authenticates each back-end would be a workaround for this, but the overhead would be considerable.

Version

network

Additional Context

No response