Plug-and-play OAuth 2.0 & OpenID Connect

Developer-first Access Management.

Designed to Scale.

Changing architecture is expensive, so no matter what stage of development you’re in, you’ll want to think about scalability from the beginning. Whether you need to give third parties access to your systems, authorize mobile apps or IoT devices, or deal with multi-server environments: our systems have your back.

Ory systems are language-independent. We've seen results with projects written in Java, PHP, Golang, Node.js, Ruby, and others.

Our Open Source Products.

ORY Hydra - Hardened OAuth 2.0 & OpenID Connect Server.

Use state-of-the-art access control for your APIs with OAuth 2.0. Become an Identity Provider with OpenID Connect. Define access control policies for granular permission management.

Hydra is built with security in mind and meets or exceeds all relevant standards. You wouldn't roll your own crypto, so why roll your own authorization?

ORY Oathkeeper - Zero Trust Identity & Access Proxy.

Enforce Access Control right where you need it - before fraudulent requests reach your system.

Oathkeeper is a reverse proxy and can act as the centerpiece of your API infrastructure.

ORY Console - Administrative User Interface.

Run and control your Access Management from one central web app.

Our Security console connects with Hydra and Oathkeeper and lets you manage and monitor them through an intuitive UI.

1. Integrate Login

ORY works with any login and identity management system; only a few lines of code are required. We offer integrations for popular login providers such as Auth0.

// The presented developer experience is still in development.
// Low level SDKs exist and are documented.
const router = require('express')();
const ory = require('ory')();

// req.body is only populated if a body-parsing middleware
// (e.g. express.json()) is registered.
router.post("/login", (req, res) => {
  // Placeholder credential check for the demo; verify against
  // your own login or identity provider instead.
  if (req.body.username === 'test' && req.body.password === 'secret') {
    // Grant consent for the authenticated subject and the requested scopes.
    ory.consent().grant({
      subject: req.body.username,
      scopes: ['some', 'scopes']
    }, req);
    return;
  }

  res.send('Username and password are not correct');
});

2. Define API Access Rule

Define what permissions your API requires.

  • In anonymous mode, everyone can access this endpoint.
  • In authorized mode, a user must have a valid OAuth 2.0 token.
  • Advanced access control suitable for multi-tenant, micro-service and IoT architectures.

{
  "matchesMethods": ["GET"],
  "matchesUrl": "http://mydomain.com/api/example",
  "mode": "anonymous"
}

3. Define User Access Rights

Define what users and apps can do.

  • An access control list is a list of permissions attached to an actor (user, app, server, ...).
  • Role-based access control attaches an actor to groups, and groups to permissions.
  • Policies are powerful access control mechanisms that support regular expressions. They work like AWS IAM Policies.

$ hydra permissions add my-user some-permission

$ hydra permissions list my-user
{
  "subject": "my-user",
  "permissions": ["some-permission"]
}

$ hydra permissions remove my-user some-permission

4. Protect API Endpoint

Add a simple middleware to your server and activate access control for your API!

const router = require('express')();
const ory = require('ory');
// Middleware that enforces the access rule before the handler runs.
const middleware = ory().auth().createMiddleware();

router.get("/api/example",
  middleware,
  (req, res, next) => {
    res.json({
      message: "Yay! You're allowed to access this!",
      user: req.user
    });
  }
);

Developers First.

Security measures are often either clunky and inconvenient, or bound to underlying infrastructure like your cloud provider. We took extra care to ensure our software is easy to use and portable, no matter your current environment.

All of our security-relevant code is open source, and our flows and concepts are rooted in open standards (OAuth2, OpenID Connect) and industry best practices.

We love documentation

Good documentation is a prerequisite for easy integration. We make it painless to integrate with our stack.

It works everywhere

Ory technology works on the network, so we interfere as little as possible with your code. Just write your app.

We are here to help

The ORY ecosystem has an active and helpful community. We also offer professional consulting at reasonable rates.
Contact us now!

Proven in Production.

Teams all around the world use Ory to secure their most critical systems. We have not seen any critical security failures since inception, and we work every day to make that record last.

205.8m Requests Secured

267.3k Docker Pulls


Patreon

Mission-critical systems depend on fast patches and focused developers. That is why we have set up a Patreon to make supporting Ory as easy as possible for you. Whether you pitch in 50, 20 or 5 Dollars a month, your contribution helps ensure the sustainability of this project.

Auth0

We are proud to have Auth0 as a Hydra gold sponsor. Auth0 solves the most complex identity use cases with an extensible and easy-to-integrate platform that secures billions of logins every year. At ORY, we use Auth0 in conjunction with Hydra for various internal projects.