Tutorial
In this guide, you will set up a hardened, fully functional OAuth 2.0 (OAuth2) server. It will take you about ~15 minutes. We will use ORY Hydra (open source), a security-first OAuth2 and OpenID Connect server written in Golang.
Milestones
We are very excited to announce the 1.0 release of ORY Hydra!
Mobile & Native App Security
Read this guide to learn how to implement authentication and authorization for mobile, browser, and native apps with better user experience and buffed security.
Disclosure
Applications that implement a "Sign in with ..." flow must not use a mutable identifier to match external users to the internal user management system. Several web applications implementing "Sign in with GitHub" have been found to be vulnerable to this.
Tutorial
Control access to your APIs with cloud native ORY Oathkeeper and the Ambassador Reverse Proxy on Kubernetes.
Article
This is the first blog post of a multi-part series about control on the web. The goal of this series is to be the go-to guide for anyone that needs help with setting up access control (authentication & authorization) for their web application.
Code & Productivity
This article introduces you to the problem of reporting accurate code coverage using the Go programming language, and offers a solution that runs on any Operating System.
