Congratulations on Kratos coming out of Beta.
We evaluated Ory a few months ago. My understanding:
1. Ory Kratos provides session-based authentication and user management.
2. Ory Hydra is a self-managed server that secures access to your applications and APIs with OAuth 2.0 and OpenID Connect.
Basically we want to replace AWS Cognito (which is pretty much abandonware) to secure our API so we needed both applications. Unfortunately we had to put our efforts on hold:
1. Bugs around traits meant we had issues around password change, password recovery and email change/reverifications for our use-case.
2. Lack of documentation prevented us making progress on 2FA/WebAuthn.
3. Bearer token/OAuth consent flow wasn't available without a lot of work because Kratos and Hydra are not "integrated" [1]. Someone shows how they rolled their own integration [2].
I'd love for someone to advise that we were wrong or misunderstood things or that things have moved on since then!
[1] https://github.com/ory/kratos/issues/273
I think "Identity Provider" is more correct, no? "IdentityServer" is the name of a specific IdP implemented in .NET (formerly OSS as https://identityserver4.readthedocs.io/en/latest, and now in a more commercial form as Duende IdentityServer: https://duendesoftware.com/products/identityserver)
I love the way Ory is set up and documented to be understandable and deployable as components. I played with Kratos a couple weeks ago and made a single VM deployment using SQLite on fly.io. The configuration documentation for Kratos was a bit dense; there's so much functionality in there already despite it being just out of beta, so I pushed my config to GitHub so you can get going on fly.io with it immediately:
https://github.com/tinco/kratos-service
(you can paypal me later tptacek ;))
I'm passing familiar with this area, but not as familiar as I should be...
How does this compare to something like this: https://github.com/panva/node-oidc-provider ?
Are they addressing the same need? Is Ory looking to get certified in this area? (Is it already?)
We experienced issues with the settings API not updating traits. Will try again now that things have moved on.
Regarding Kratos and Hydra, is this [1] your PR?
[1] https://github.com/ory/kratos-selfservice-ui-node/pull/149