Ory Oathkeeper
salami
| | Ory Oathkeeper | salami |
|---|---|---|
| | 4 | 3 |
| Stars | 3,172 | 42 |
| Growth | 0.6% | - |
| Activity | 6.8 | 9.3 |
| | 3 days ago | 6 months ago |
| Language | Go | Go |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Ory Oathkeeper
- Launch HN: PropelAuth (YC W22) – End-to-end auth service for B2B products
- oathkeeper alternatives - emissary, envoy, and Nginx
4 projects | 18 Jan 2022
- Launch YC S21: Meet the Batch, Thread #4
- The reason okta spent $6.5B Auth0
Hydra feels mature. I think it's their longest-developed product so far. Besides breaking changes during big upgrades (v0 -> v1beta -> v1), everything has been painless:
- It runs anywhere with or without containers
- API makes sense, good SDKs are available in all my used languages
- RAM usage is surprisingly low compared to usage and has been great for resource-constrained environments
- Stateless means horizontal scaling is as easy as `replicas++`
- Sub-millisecond response times for some calls, much faster than our previous setup
With Hydra, I know it's the client's fault when OAuth calls fail and not just a buggy server implementation. This is reinforced in dev mode with great errors like:
- The authorization code has already been used
- The request is missing the response_type parameter
- Parameter "nonce" must be set when using the implicit flow
- Redirect URL "https://example.com/callback" does not match
On the flip side, Oathkeeper is not a mature product and has not yet reached v1. There are breaking changes planned [1]. It lacks support for at least one popular use case (mine) out of the box [2]. Rules can be hard to create and debug. I wouldn't recommend Oathkeeper in its current state unless you're ready to dive in and fix things yourself. Once configured, it sticks with the Ory trend: fast, lean, and stable.
Depending on your use case, Oathkeeper could be swapped out with any IAP like Pomerium or just with your reverse proxy's auth request support + some small custom shim.
I haven't tried Keto (access control) or Kratos (user management) yet. Kratos is on my todo list.
[1] https://github.com/ory/oathkeeper/issues/441
salami
What are some alternatives?
Ory Keto - Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.
Selefra - The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).
fusionauth-issues - FusionAuth issue submission project
terraform-provider-iterative - ☁️ Terraform plugin for machine learning workloads: spot instance recovery & auto-termination | AWS, GCP, Azure, Kubernetes
emissary - open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
oauth2_proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers. [Moved to: https://github.com/oauth2-proxy/oauth2-proxy]
warrant-demo-app-ts - Example demonstrating how to add end-to-end authorization & access control to an ExpressJS + React app using Warrant
when - A natural language date/time parser with pluggable rules
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
wave - Kubernetes configuration tracking controller
edge-agent - Warrant Edge agent
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.