Developer Blog & Articles

Try out Ory Keto with this simple, easy to follow real world example!

Looking at Zanzibar through Ory Keto

A hands-on example of Ory Keto based on a real use case. Try out the capabilities of an open source implementation of the Google Zanzibar authorization system with code examples!

Radek Gruchalski - May 05, 2021

Next-Generation Ory Keto - An Open Source Google Zanzibar

The Evolution of Ory Keto: A Consistent, Global Authorization System

This article discusses the pioneering efforts by Ory to build the open source implementation of Google Zanzibar called Ory Keto. It will outline the motivation, challenges and concepts of building a global, low latency consistent access control system.

Vincent Kraus - April 26, 2021

API Security & OAuth Server

Run your own OAuth2 Server

In this guide, you will set up a hardened, fully functional OAuth2 Server and OpenID Connect provider using open source only. It will take you about ~10 minutes. We will use ORY Hydra (open source), a security-first OAuth2 and OpenID Connect server written in Golang.

Aeneas Rekkas - January 01, 2021

Dockertest - Automated Database Testing in Docker

Keeping Covid-19 in check with ORY Dockertest

This article gives a short introduction to Dockertest and how Google is using it against Covid19, also an overview about the open-source virus response in general.

Vincent Kraus - December 02, 2020

React Native Authentication

Add Authentication to your React Native App

Implement your own auth, login, registration, user and profile management for native mobile and desktop apps using React Native and ORY Kratos Open Source. With code examples in TypeScript and Docker.

Aeneas Rekkas - November 20, 2020

Secure Password Hashing and Login

Choose Argon2 Parameters for Secure Password Hashing and Login

Pick recommended Argon2 (Argon2id, Argon2i) parameters (iteration, memory, parallelism) for secure login and password hashing, following security best practices using only open source.

Patrik Neu - November 11, 2020

Kubernetes & Knative

Deploy ORY Kratos with Knative and Kubernetes in Minikube

Run ORY Kratos as a serverless service on Kubernetes and Knative with scale-to-zero deployments.

Kim Neunert - October 01, 2020

Modern Application Architecture

Ory and Modern Application Architecture

A short introduction into modern application architecture and ORY's thinking and philosophy around software development.

Lee Atchison - September 03, 2020

Testing and Continuous Integration

Write Better Migrations with SQL Tests

Learn how to test SQL migrations in any environment. This guide will point out all the considerations we at ORY make when implementing SQL migration tests for our open source products.

Patrik Neu - April 27, 2020

Releases

ORY Hydra v1.0 is Here!

We are very excited to announce the 1.0 release of ORY Hydra!

Aeneas Rekkas - June 01, 2019

Mobile & Native App Security

OAuth2 with PKCE for Mobile Apps and Single Page Apps

Read this guide to learn how to implement authentication and authorization for mobile, browser, and native apps with better user experience and buffed security.

Aeneas Rekkas - June 01, 2019

Disclosure

Impersonating users by abusing broken “Sign in with” implementations

Applications that implement a "Sign in with ..." flow must not use a mutable identifier to match external users to the internal user management system. Several web applications implementing "Sign in with GitHub" have been found to be vulnerable to this.

Aeneas Rekkas - November 27, 2018

Controlling Access to APIs in the Cloud

Zero Trust API Access Control on Kubernetes

Control access to your APIs with cloud native ORY Oathkeeper and the Ambassador Reverse Proxy on Kubernetes.

Aeneas Rekkas - August 18, 2018

The definitive guide to future-proof web & API-access control

Approaching Access Control on the Web

This is the first blog post of a multi-part series about control on the web. The goal of this series is to be the go-to guide for anyone that needs help with setting up access control (authentication & authorization) for their web application.

Aeneas Rekkas - August 08, 2018

Code & Productivity

Accurate Code Coverage in Go

Get accurate Golang (Go) code coverage reports using go-acc. Your test might perform better than you think!

Aeneas Rekkas - February 20, 2018