IAM Security Insights

The Perils of Caching Keys in IAM: A Security Nightmare

Justin Dolly

Caching keys might seem like a performance boost, but it can expose your IAM architecture to severe security risks. Discover why real-time verification is critical.

Ory Network

Personal Data Storage with Ory Network

Arne Luenser, Software Engineer

How to reconcile data privacy regulation with a global IAM network?

Ory Network

A New Chapter in IAM Innovation

Jeff Kukowski

Discover why I chose to join Ory and how its fresh approach to IAM is revolutionizing the industry.

Tutorials

Deploying Ory Oathkeeper as an AWS Lambda Authorizer

Spencer Mitton, Full Stack Developer

Learn how to set up and deploy Ory Oathkeeper as an AWS Lambda authorizer, giving you full control over your UI and providing a seamless user experience.

Company Update

Ory Corp Taps new CEO and Raises $5 Million in Series A extension

Aeneas Rekkas, Founder, CTO

Experienced enterprise security leader Jeff Kukowski joins Ory as CEO and new funding comes from Insight Partners and Balderton Capital.

Ory Network

Ory Network or self-hosted?

Aeneas Rekkas, Founder, CTO

Choose the right solution for your identity and access management needs with our guide to Ory Network and self-hosting.

Ory Network

Ory Network Workspaces and fair pricing with aDAU

Aeneas Rekkas, Founder, CTO

Ory has listened to your feedback and made changes to the pricing structure. Review our new transparent and accessible pricing plan.

Guide

Run your own OAuth2 Server

Aeneas Rekkas, Founder, CTO

In this guide, you will set up a hardened, fully functional OAuth2 Server and OpenID Connect provider using open source only. It will take you about 10 minutes. We will use Ory Hydra (open source), a security-first OAuth2 and OpenID Connect server written in Golang.

Company Update

Ory Summit 2023 Retrospective - Navigating the Future of Ory, Identity and Access Management

Vincent Kraus, Developer Advocate

Join us as we look back on the Ory Summit 2023 and explore the key takeaways and insights from the event.

Ory Network

Ory Network is now SOC 2 Type 2 certified

Andreas Bucksteeg, Vice President of Engineering

Ory has completed its SOC 2 Type 2 attestation. Here's what it means for you.

Case Study

Why is it difficult and costly to run a user identity and access management solution yourself

Leonie Habermann, Managing Director

Ever wanted to know why managing your own user identity and access management solution drains resources and skyrockets costs? Uncover the hidden challenges and pitfalls of a DIY identity solution.

Ory Network

Why Build a Globally Distributed, Multi-Region Identity and Access Platform

Aeneas Rekkas, Founder, CTO

Learn why Ory built a multi-region identity and access management (IAM) that is globally available, fast, and compliant with data privacy laws.

Ory Network

Open Source Support Policy

The Ory Team

Ory open source support policy to better serve businesses and community members

Ory Network

Run your enterprise ready SSO Server in minutes

Vincent Kraus, Developer Advocate

Unlock the power of single sign-on with our comprehensive tutorial on deploying an enterprise-grade OAuth2 server using open-source tools, empowering you to centralize authentication and enhance security with ease.

Ory Hydra

Scaling Ory Hydra to ~2bn monthly OAuth2 flows on a single PostgreSQL DB

Henning Perl, Software Engineer

Performing over 1000 OAuth2 Authorization Code Grants per second on a single PostgreSQL database

Ory Network

Introducing the All-New Ory Console

Klaus Herrmann, Head of Product

Elevating Your Ory Administration Experience

Ory Network

How businesses can prevent disaster with breached password detection

Vincent Kraus, Developer Advocate

Breached password detection is an automated strategic solution to prevent leaked credentials from being used. Learn how to protect your users and business from password threats.

Guide

Hop-by-hop Header Vulnerability in Go Standard Library Reverse Proxy

Patrik Neu, Software Developer

A description of the hop-by-hop header vulnerability in the Go standard library reverse proxy and how to fix it.

Ory Network

Ory Network is now ISO 27001 Certified

The Ory Team

Our Commitment to Protecting Your Data and Privacy.

Authentication

Login and authentication in 2023 explained - Passkeys, Google Authenticator, TouchID

Aeneas Rekkas, Founder, CTO

Explore the latest authentication methods and their benefits and drawbacks in this in-depth article. This article provides valuable insights into how to secure your online services with strong authentication mechanisms.

Article

Modernize your customer interface while reducing costs: Replace Auth0 with Ory

Aeneas Rekkas, Founder, CTO

Learn how to save money and improve customer value using Ory.

Article

Upgrade to Ory SDKs v1.0

Aeneas Rekkas, Founder, CTO

The Ory SDKs are now released as version 1.0!

Ory Network

Say hello to Ory Elements 👋

Klaus Herrmann, Head of Product

We built login and account management, so you don’t have to.

Ory Network

Introducing the Ory Network

Klaus Herrmann, Head of Product

A global network for end-to-end security

Ory Network

Ory Hydra 2.0 is out!

Aeneas Rekkas, Founder, CTO

A new milestone for Ory Hydra, the OpenID Certified OAuth 2.0 and OpenID Connect Server.

Guide

Custom email templates with Ory

Vincent Kraus, Developer Advocate

Customize email templates for all out-of-band communication. With code examples!

Authentication

Understanding auth and its usage in modern software

Alano Terblanche, Software Developer

Do I need authentication or authorization? Do I require a session? Is a session a cookie or a token? Do I require JWTs or Cookies?

Guide

How I built LoginWithHN using Ory Hydra

Vadosware

How Vadosware built LoginWithHN, an OAuth2+OpenID Connect provider for HackerNews using the Ory Hydra open source project.

Guide

Add Authentication to your Flutter Web Applications with Ory Kratos

IGLU

Add login, registration, user and profile management to Flutter web applications in minutes using the Ory Kratos open source project. Includes code examples for Dart!

Guide

How to secure your Ory Network account with Yubikey

Vincent Kraus, Developer Advocate

Use hardware tokens like Yubikey to secure Ory Network admin accounts.

Ory Network

OAuth2.0 APIs for Ory Network on the horizon

The Ory Team

OAuth2.0 for Ory Network is coming

Article

How to bootstrap your first developer conference

Vincent Kraus, Developer Advocate

Practical steps and tips for organizing a conference for your community, focused on developer and open source communities.

Guide

Why you probably do not need OAuth2 / OpenID Connect

Aeneas Rekkas, Founder, CTO

Adding OAuth2 / OpenID Connect to your application is a complex process. This article will help you understand why you do not need OAuth2 / OpenID Connect in most cases!

Article

Securing the open source supply chain

Vincent Kraus, Developer Advocate

The log4j vulnerability sparked a new discussion about open source maintainership and how it can be improved. This article summarizes the discussion and shows how Ory is addressing the problem.

Company Update

The Ory Manifesto

The Ory Team

A distillation of the key beliefs that underpin Ory as an organization.

Guide

Add Custom Login, Registration, User Settings to Your Next.js & React Single Page Application (SPA)

Aeneas Rekkas, Founder, CTO

Build custom login, registration, user settings, password recovery, email and phone verification pages for your Next.js React Single Page Application (SPA) using the ORY Kratos open source project. Includes code examples for TypeScript and Docker, and end-to-end tests!

Guide

Add Authentication to your Next.js / React Single Page Application (SPA)

Aeneas Rekkas, Founder, CTO

Add login, registration, user and profile management to Next.js Single Page Applications in minutes using the ORY Kratos open source project. Includes code examples for TypeScript and Docker, and end-to-end tests!

Guide

Add Authentication to your React Native App

Aeneas Rekkas, Founder, CTO

Add login, registration, user, and profile management to React Native mobile and desktop apps using the Ory Kratos open source project. Includes code examples for TypeScript and Docker!

Article

The Evolution of Ory Keto: A Global Scale Authorization System

Vincent Kraus, Developer Advocate

This article discusses the pioneering efforts by Ory to build the open source implementation of Google Zanzibar called Ory Keto. It will outline the motivation, challenges and concepts of building a global, low latency consistent access control system.

Guide

Keeping Covid19 in check with Ory Dockertest

Vincent Kraus, Developer Advocate

This article gives a short introduction to Dockertest and how Google is using it against Covid19, along with an overview of the open-source virus response in general.

Guide

Choose Argon2 Parameters for Secure Password Hashing and Login

Patrik Neu, Software Developer

Pick recommended Argon2 (Argon2id, Argon2i) parameters (iteration, memory, parallelism) for secure login and password hashing, following security best practices using only open source.

Guide

Write Better Migrations with SQL Tests

Patrik Neu, Software Developer

Learn how to test SQL migrations in any environment. This guide will point out all the considerations we at ORY make when implementing SQL migration tests for our open source products.

Ory Network

ORY Hydra v1.0 is Here!

Aeneas Rekkas, Founder, CTO

We are very excited to announce the 1.0 release of ORY Hydra!

Guide

OAuth2 with PKCE for Mobile Apps and Single Page Apps

Aeneas Rekkas, Founder, CTO

Read this guide to learn how to implement authentication and authorization for mobile, browser, and native apps with better user experience and buffed security.

Authentication

Impersonating users by abusing broken “Sign in with” implementations

Aeneas Rekkas, Founder, CTO

Applications that implement a "Sign in with ..." flow must not use a mutable identifier to match external users to the internal user management system. Several web applications implementing "Sign in with GitHub" have been found to be vulnerable to this.

Article

Zero Trust API Access Control on Kubernetes

Aeneas Rekkas, Founder, CTO

Control access to your APIs with cloud native ORY Oathkeeper and the Ambassador Reverse Proxy on Kubernetes.

Guide

Approaching Access Control on the Web

Aeneas Rekkas, Founder, CTO

This is the first blog post of a multi-part series about control on the web. The goal of this series is to be the go-to guide for anyone that needs help with setting up access control (authentication & authorization) for their web application.

Guide

Accurate Code Coverage in Go

Aeneas Rekkas, Founder, CTO

Get accurate Golang (Go) code coverage reports using go-acc. Your test might perform better than you think!
