Show HN: Open-Source Identity Server Written in Go (Ory Kratos)

This page summarizes the projects mentioned and recommended in the original post on

Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • Onboard AI - ChatGPT with full context of any GitHub repo.
  • WorkOS - The modern identity platform for B2B SaaS
  • Ory Kratos

    Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market! (by ory)

    Congratulations on Kratos coming out of Beta.

    We evaluated Ory a few months ago. My understanding:

    1. Ory Kratos provides session-based authentication and user management.

    2. Ory Hydra is a self-managed server that secures access to your applications and APIs with OAuth 2.0 and OpenID Connect.

    Basically we want to replace AWS Cognito (which is pretty much abandonware) to secure our API so we needed both applications. Unfortunately we had to put our efforts on hold:

    1. Bugs around traits meant we had issues around password change, password recovery and email change/reverifications for our use-case

    2. Lack of documentation prevented us making progress on 2FA/WebAuthn

    3. Bearer token/Oauth consent flow wasn't available without a lot of work because Kratos and Hydra are not "integrated" [1]. Someone shows how they rolled their own integration [2].

    I'd love for someone to advise that we were wrong or misunderstood things or that things have moved on since then!


  • IdentityServer

    The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core

    I think "Identity Provider" is more correct, no? "IdentityServer" is the name of a specific IdP implemented in .NET (formerly OSS as, and now as a more commercial form as Duende IdentityServer:

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • kratos-service

    Example single node kratos service

    I love the way Ory is set up and documented to be understandable and deployable as components. I played with Kratos a couple weeks ago and made a single vm deployment using sqlite on The configuration documentation for Kratos was a bit dense, there's so much functionality in there already despite it being just out of beta so I pushed my config to github so you can get going on with it immediately:

    (you can paypal me later tptacek ;))

  • Ory Keto

    Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.

  • node-oidc-provider

    OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js

    I'm passing familiar with this area, but not as familiar as I should be...

    How does this compare to something like this -

    Are they addressing the same need? Is Ory looking to get certified in these area? (Is it already?)

  • kratos-selfservice-ui-node

    We experienced issues with the settings API not updating traits. Will try again now that things have moved on.

    Regarding Kratos and Hydra is this[1] your PR?


NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts