If you are "just" doing first-party login, session, and user mgmt then Ory Kratos is all you need.
I would say in the majority of cases you would be fine with just Ory Kratos.
If you want 3rd party integrations, or become an IDP (think "login with $yourcorp"), or you migrate an existing system that relies on OAuth2 that you want to keep, or you have more complex auth flows where OAuth2 shines, then you want Ory Hydra.
If you want a "fine-grained" global, centralized authz system, complex and scalable authz as described by Google Zanzibar, then you want Ory Keto.
If you want to support SAML as well, you want Ory Polis.
If you want a "zero trust" setup, then you want Ory Oathkeeper.
That being said, in almost all cases Kratos will be fine and you can pick and choose what you actually need.
Sure,
I would say it's mostly correct.
You can solve Permissions and API Gateway also differently - for example many use OAuth2 claims and scopes for permissions. I personally think that isn't good practice - like "first-party auth" I think it's outside of the scope that OAuth2 was built for originally - but it works and many are used to building authz that way.
You could also use the identity metadata on Kratos for permissions - this works well for simple RBAC use cases but if you want "large scale" and "fine-grained" something like Ory Keto is probably the more reasonable choice.
Feel free to message me on the Ory Community Slack if you want to discuss further: https://slack.ory.com/