Developer Blog & Articles
Try out Ory Keto with this simple, easy to follow real world example!
Looking at Zanzibar through Ory Keto
A hands-on example of Ory Keto based on a real use case. Try out the capabilities of an open source implementation of the Google Zanzibar authorization system with code examples!
Radek Gruchalski - May 05, 2021
Next-Generation Ory Keto - An Open Source Google Zanzibar
The Evolution of Ory Keto: A Consistent, Global Authorization System
This article discusses the pioneering efforts by Ory to build the open source implementation of Google Zanzibar called Ory Keto. It will outline the motivation, challenges and concepts of building a global, low latency consistent access control system.
Vincent Kraus - April 26, 2021
API Security & OAuth Server
Run your own OAuth2 Server
In this guide, you will set up a hardened, fully functional OAuth2 Server and OpenID Connect provider using open source only. It will take you about ~10 minutes. We will use ORY Hydra (open source), a security-first OAuth2 and OpenID Connect server written in Golang.
Aeneas Rekkas - January 01, 2021
Dockertest - Automated Database Testing in Docker
Keeping Covid-19 in check with ORY Dockertest
This article gives a short introduction to Dockertest and how Google is using it against Covid19, also an overview about the open-source virus response in general.
Vincent Kraus - December 02, 2020
React Native Authentication
Add Authentication to your React Native App
Implement your own auth, login, registration, user and profile management for native mobile and desktop apps using React Native and ORY Kratos Open Source. With code examples in TypeScript and Docker.
Aeneas Rekkas - November 20, 2020
Secure Password Hashing and Login
Choose Argon2 Parameters for Secure Password Hashing and Login
Pick recommended Argon2 (Argon2id, Argon2i) parameters (iteration, memory, parallelism) for secure login and password hashing, following security best practices using only open source.
Patrik Neu - November 11, 2020
Kubernetes & Knative
Deploy ORY Kratos with Knative and Kubernetes in Minikube
Run ORY Kratos as a serverless service on Kubernetes and Knative with scale-to-zero deployments.
Kim Neunert - October 01, 2020
Modern Application Architecture
Ory and Modern Application Architecture
A short introduction into modern application architecture and ORY's thinking and philosophy around software development.
Lee Atchison - September 03, 2020
Testing and Continuous Integration
Write Better Migrations with SQL Tests
Learn how to test SQL migrations in any environment. This guide will point out all the considerations we at ORY make when implementing SQL migration tests for our open source products.
Patrik Neu - April 27, 2020
ORY Hydra v1.0 is Here!
We are very excited to announce the 1.0 release of ORY Hydra!
Aeneas Rekkas - June 01, 2019
Mobile & Native App Security
OAuth2 with PKCE for Mobile Apps and Single Page Apps
Read this guide to learn how to implement authentication and authorization for mobile, browser, and native apps with better user experience and buffed security.
Aeneas Rekkas - June 01, 2019
Impersonating users by abusing broken “Sign in with” implementations
Applications that implement a "Sign in with ..." flow must not use a mutable identifier to match external users to the internal user management system. Several web applications implementing "Sign in with GitHub" have been found to be vulnerable to this.
Aeneas Rekkas - November 27, 2018
Controlling Access to APIs in the Cloud
Zero Trust API Access Control on Kubernetes
Control access to your APIs with cloud native ORY Oathkeeper and the Ambassador Reverse Proxy on Kubernetes.
Aeneas Rekkas - August 18, 2018
The definitive guide to future-proof web & API-access control
Approaching Access Control on the Web
This is the first blog post of a multi-part series about control on the web. The goal of this series is to be the go-to guide for anyone that needs help with setting up access control (authentication & authorization) for their web application.
Aeneas Rekkas - August 08, 2018