Developer Blog & Articles

React Native Authentication

Add Authentication to your React Native App

Aeneas Rekkas - July 08, 2021

Add login, registration, user and profile management to React Native mobile and desktop apps using the ORY Kratos open source project. Includes code examples for TypeScript and Docker! Read more

API Security & OAuth Server

Run your own OAuth2 Server

Aeneas Rekkas - July 08, 2021

In this guide, you will set up a hardened, fully functional OAuth2 Server and OpenID Connect provider using open source only. It will take you about ~10 minutes. We will use Ory Hydra (open source), a security-first OAuth2 and OpenID Connect server written in Golang. Read more

Try out Ory Keto with this simple, easy to follow real world example!

Looking at Zanzibar through Ory Keto

Radek Gruchalski - May 05, 2021

A hands-on example of Ory Keto based on a real use case. Try out the capabilities of an open source implementation of the Google Zanzibar authorization system with code examples! Read more

Next-Generation Ory Keto - An open source Google Zanzibar

The Evolution of Ory Keto: A Consistent, Global Authorization System

Vincent Kraus - April 26, 2021

This article discusses the pioneering efforts by Ory to build the open source implementation of Google Zanzibar called Ory Keto. It will outline the motivation, challenges and concepts of building a global, low latency consistent access control system. Read more

Dockertest - Automated Database Testing in Docker

Keeping Covid-19 in check with ORY Dockertest

Vincent Kraus - December 02, 2020

This article gives a short introduction to Dockertest and how Google is using it against Covid19, also an overview about the open-source virus response in general. Read more

Secure Password Hashing and Login

Choose Argon2 Parameters for Secure Password Hashing and Login

Patrik Neu - November 11, 2020

Pick recommended Argon2 (Argon2id, Argon2i) parameters (iteration, memory, parallelism) for secure login and password hashing, following security best practices using only open source. Read more

Kubernetes & Knative

Deploy ORY Kratos with Knative and Kubernetes in Minikube

Kim Neunert - October 01, 2020

Run ORY Kratos as a serverless service on Kubernetes and Knative with scale-to-zero deployments. Read more

Modern Application Architecture

Ory and Modern Application Architecture

Lee Atchison - September 03, 2020

A short introduction into modern application architecture and ORY's thinking and philosophy around software development. Read more

Testing and Continuous Integration

Write Better Migrations with SQL Tests

Patrik Neu - April 27, 2020

Learn how to test SQL migrations in any environment. This guide will point out all the considerations we at ORY make when implementing SQL migration tests for our open source products. Read more

Releases

ORY Hydra v1.0 is Here!

Aeneas Rekkas - June 01, 2019

We are very excited to announce the 1.0 release of ORY Hydra! Read more

Mobile & Native App Security

OAuth2 with PKCE for Mobile Apps and Single Page Apps

Aeneas Rekkas - June 01, 2019

Read this guide to learn how to implement authentication and authorization for mobile, browser, and native apps with better user experience and buffed security. Read more

Disclosure

Impersonating users by abusing broken “Sign in with” implementations

Aeneas Rekkas - November 27, 2018

Applications that implement a "Sign in with ..." flow must not use a mutable identifier to match external users to the internal user management system. Several web applications implementing "Sign in with GitHub" have been found to be vulnerable to this. Read more

Controlling Access to APIs in the Cloud

Zero Trust API Access Control on Kubernetes

Aeneas Rekkas - August 18, 2018

Control access to your APIs with cloud native ORY Oathkeeper and the Ambassador Reverse Proxy on Kubernetes. Read more

The definitive guide to future-proof web & API-access control

Approaching Access Control on the Web

Aeneas Rekkas - August 08, 2018

This is the first blog post of a multi-part series about control on the web. The goal of this series is to be the go-to guide for anyone that needs help with setting up access control (authentication & authorization) for their web application. Read more

Code & Productivity

Accurate Code Coverage in Go

Aeneas Rekkas - February 20, 2018

Get accurate Golang (Go) code coverage reports using go-acc. Your test might perform better than you think! Read more