This message was deleted.

Hello. I use Go for my examples of Ory stack. The blog posts are coming to the blog with more examples of using Ory stack. Here’s an working example of using Oathkeeper+Kratos with Go and Vue https://github.com/gen1us2k/shorts (Work is in progress, but there are useful examples for you) Another example with gRPC (incomplete yet, but uses Kratos mostly) Right now I’m working on Keto+Hydra examples and they can be finished in couple of weeks. Feel free to ask questions about Go and Ory stack in general

Thanks a lot for the examples @User! We have recently added Kratos to our frontend, and are preparing to add Keto very soon. These are very valuable!

I have plans to create a real-life examples of using Ory Keto too. Maybe shorts project would be a best for that purpose. Anyways, feel free to ask questions

Sounds good! My initial idea for a Keto layer was to define an interface with an access control check method that takes in a

namespace

,

object

, and

relation

, along with a context (pre-filled with the user ID at auth middleware layer). I will then implement that with a Keto client and Keto check code using the user ID from the context. This is then injected as a dependency to the parts of our system that we will need to perform access control checks. I should theoretically be able to call this method, passing in the context that has been passed down from our Go-kit endpoints, which also contains the user ID, and perform the various checks against our relation tuples. Do you think this seem like a reasonable direction?

Yep. Sounds good. Requests passed to Keto should be authenticated and authorized. One can have this implemented using the following scenarios 1. Using oathkeeper as IAP proxy 2. Using middlewares for your applications 3. Using both methods above But the direction you chose looks good enough. I used the same approach for pythonic application that runs in production right now 1. Authentication middleware to check authentication 2. Access control decorators to check access to the resource (requires user to be authenticated)

Oh great! This is almost exactly what we are planning. Thanks for the input! 🙌

Thanks @User I'll take a look at them.