Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hey everyone, I hope you don't mind this noob question :slightly_smiling_face:

I reached out here because I have an app that is protected by API keys that is being used by some external users(machines) already.
It has been in my backlog to replace my API key system to use OAuth2.0 client credentials for Machine to Machine comms.

1. I think I can use Ory Hydra for that, which generates out a client_id and secret then it handles the token mechanism
• However I don't know, how I can utilize Ory to my own system for example, my use case (Given access token from Ory Hydra, Machine X can access object Y). Should Ory Hydra be enough since it's an AuthZ tool?
2. Or I need to utilize Ory Keto for that to make sure that the AuthZ works for my use case?

So far, I'm still on the reading phase. So I don't know if I'm in the right path yet. but I appreciate it if you have this use case before and share some stories/ tips about it. Thank you :bow: