Developer Blog & Articles

Add login, registration, user and profile management to React Native mobile and desktop apps using the ORY Kratos open source project. Includes code examples for TypeScript and Docker! Read more

In this guide, you will set up a hardened, fully functional OAuth2 Server and OpenID Connect provider using open source only. It will take you about ~10 minutes. We will use Ory Hydra (open source), a security-first OAuth2 and OpenID Connect server written in Golang. Read more

A hands-on example of Ory Keto based on a real use case. Try out the capabilities of an open source implementation of the Google Zanzibar authorization system with code examples! Read more

This article discusses the pioneering efforts by Ory to build the open source implementation of Google Zanzibar called Ory Keto. It will outline the motivation, challenges and concepts of building a global, low latency consistent access control system. Read more

This article gives a short introduction to Dockertest and how Google is using it against Covid19, also an overview about the open-source virus response in general. Read more

Pick recommended Argon2 (Argon2id, Argon2i) parameters (iteration, memory, parallelism) for secure login and password hashing, following security best practices using only open source. Read more

Run ORY Kratos as a serverless service on Kubernetes and Knative with scale-to-zero deployments. Read more

A short introduction into modern application architecture and ORY's thinking and philosophy around software development. Read more

Learn how to test SQL migrations in any environment. This guide will point out all the considerations we at ORY make when implementing SQL migration tests for our open source products. Read more

We are very excited to announce the 1.0 release of ORY Hydra! Read more

Read this guide to learn how to implement authentication and authorization for mobile, browser, and native apps with better user experience and buffed security. Read more

Applications that implement a "Sign in with ..." flow must not use a mutable identifier to match external users to the internal user management system. Several web applications implementing "Sign in with GitHub" have been found to be vulnerable to this. Read more

Control access to your APIs with cloud native ORY Oathkeeper and the Ambassador Reverse Proxy on Kubernetes. Read more

This is the first blog post of a multi-part series about control on the web. The goal of this series is to be the go-to guide for anyone that needs help with setting up access control (authentication & authorization) for their web application. Read more

Get accurate Golang (Go) code coverage reports using go-acc. Your test might perform better than you think! Read more