Open Source OAuth 2.0 & OpenID Connect

Developer-first Access Management.

Designed to Scale.

Changing architecture is expensive, so no matter what stage of development you’re in, you’ll want to think about scalability from the beginning. Whether you need to give third parties access to your systems, authorize mobile apps or IoT devices, or deal with multi-server environments: our systems have your back.

Ory systems are language-independent. We've seen results with projects written in Java, PHP, Golang, Node.js, Ruby, and others.

Serlo Education
Raspberry PI

Open Source Overview.

ORY Hydra - Hardened OAuth 2.0 & OpenID Connect Server.

Adopt OAuth 2.0 for your APIs and web services. Become an Identity Provider like Google, Facebook, or Microsoft with OpenID Connect.

ORY Hydra is the most popular OAuth 2.0 and OpenID Connect server. It integrates with every identity management and meets or exceeds security best practices.

ORY Oathkeeper - Zero Trust Identity & Access Proxy.

Enforce Access Control right where you need it - before fraudulent requests reach your system.

ORY Oathkeeper is a reverse proxy which checks whether requests to your APIs should be allowed or not. No more adding isAllowed() everywhere in your code.

ORY Keto - Cloud Native Access Control.

A cloud native access control server modeled after AWS IAM Policies.

ORY Keto solves complex permission systems (multi-tenant, attribute-based access control, ...) with access control policies (IAM Policies).

ORY Console - Administrative User Interface.

Run and control your access management from one central web app.

The ORY Security Console connects with your existing ORY Hydra and ORY Oathkeeper installation and lets you manage and monitor them through an intuitive UI.

// The presented developer experience is still in development.
// Low level SDKs exist and are documented.
const router = require('express')();
const ory = require('ory')()"/login", (req, res) => {
  if (req.body.username === 'test' && req.body.password === 'secret') {
      subject: req.body.username,
      scopes: ['some', 'scopes']
    }, req)    
  res.send('Username and password are not correct');
  "matchesMethods": ["GET"],
  "matchesUrl": "",
  "mode": "anonymous"
$ hydra permissions add my-user some-permission
$ hydra permissions list my-user
  "subject": "my-user",
  "permissions": ["some-permission"]

$ hydra permissions remove my-user some-permission
const router = require('express')();
const ory = require('ory')
const middleware = ory().auth().createMiddleware()

  (req, res, next) => {
      message: "Yay! You're allowed to access this!",
      user: req.user
  • 1. Integrate Login
  • 2. Define API Access Rule
  • 3. Define User Access Rights
  • 4. Protect API Endpoint

ORY works with any login identity management, only a few lines of code are required. We offer integrations for popular login providers.

Define what permissions your API requires. In anonymous mode, everyone can access this endpoint.

Define what permissions your API requires. In authorized mode, a user must have a valid OAuth 2.0 token.

Define what permissions your API requires. Advanced access control suitable for multi-tenant, micro-service and IoT architectures.

Define what users and apps can do. An access control list is a list of permissions attached to an actor (user, app, server, ...).

Define what users and apps can do. Role-based access control attaches an actor to groups, and groups to permissions.

Define what users and apps can do. Policies are powerful access control mechanisms that support regular expressions. They work like AWS IAM Policies.

Add a simple middleware to your server and activate access control for your API!

Developers First.

Security measures are often either clunky and inconvenient, or bound to underlying infrastructue like your cloud provider. We took extra care to ensure our software is easy to use and portable, no matter your current environment.

All of our security-relevant code is open source, and our flows and concepts are rooted in open standards (OAuth2, OpenID Connect) and industry best practices.

We love documentation

Good documentation is a prerequisite for easy integration. We make it painless to integrate with our stack.

It works everywhere

Ory technology works on the network, so we interfere as little as possible with your code. Just write your app.

We are here to help

The ORY ecosystem has an active and helpful community. We also offer professional consulting at reasonable rates.
Contact us now!

Proven in Production.

Teams all around the world use Ory to secure their most critical systems. We have not seen any critical security failures since inception, and we work every day to make that record last.


Requests Secured


Docker Pulls


GitHub Stars

Patreon Patreon

Mission-critical systems depend on fast patches and focused developers. That is why we have set up a Patreon to make supporting ORY as easy as possible for individuals. Whether you pitch in 50, 20 or 5 Dollars a month, your contribution helps ensure the sustainability of this project.

Open Collective Open Collective

Your company extracts value form the ORY ecosystem and is ready to ensure the future of reliable and secure open source software with a sponsorship but requires transparency how funds are being used? Then head over to our Open Collective page and chip in!