Hello! I'm new in Ory ecosystem and I'm evaluatin...
# general
b
Hello! I'm new in Ory ecosystem and I'm evaluating use Ory open source modules in our new product/system. I'm a bit confused about Ory solutions/modules and which of them I need to use to fit my needs (specially keto and hydra). Could you help me? By the way, you are amazing, the docs are really good. Thanks in advance! My system needs to offer 3 types of user registration/login: - local accounts - social accounts (google, github) - existing corporate user directory services (e.g. microsoft active directory) Thus, we need to offer some capabilities of our system as a command line tool with access to our APIs for 3rd party integrations. For the first need, kratos seems to fit well, I'm right? For the second one, could we use kratos to issue some kind of token (e.g. and api key) to access the system? For AuthZ, would I need hydra, keto or oathkeeper? Or both? In my scenario I would like to: - protect access to my backend APIs (oathkeeper?) - validate user permissions to perform operations against objects according to some permissions rules (keto fits here? its the recommended way or its over engineering?) Again, thanks in advance!
👍 2
d
Hello. Yes, you’re right about Kratos usage for your case. Let me give you a brief description about the services 1. Oathkeeper is Identity proxy. You can use it in your infrastructure to enable zero trust for your microservices and oathkeeper proxies only authenticated or authorized requests to microservice 2. You need to use Hydra if you want to be oauth2 provider issue tokens and so on and so forth 3. Keto could help you to check access to resource. E.g Does this user has access to this resource or not.
- validate user permissions to perform operations against objects according to some permissions rules (keto fits here? its the recommended way or its over engineering?)
Keto fits here
- protect access to my backend APIs (oathkeeper?)
Yep. Looks like a good solution
For the second one, could we use kratos to issue some kind of token (e.g. and api key) to access the system?
Kratos supports social login features
b
Thank you for your attention Andrew!
For the second one, could we use kratos to issue some kind of token (e.g. and api key) to access the system?
In this case, considering the doc here (https://www.ory.sh/docs/kratos/admin/managing-users-identities#creating-a-machine-identity) its not possible yet, right?
Same for ldap login federation
m
You can achieve "machine identities" using Ory Hydra with OAuth2 Client Credentials. We will add more credential types in the future to Ory Kratos, so it will be working out of the box. As of today you still need Ory Hydra.
Ldap is a more complex issue, there is a huge discussion on it in ory/kratos: https://github.com/ory/kratos/issues/274 It is also achievable with Ory Hydra, for example using werther: https://github.com/i-core/werther //edit: But currently not supported officially by Ory.
b
I'll check these references, thanks!
m
@magnificent-energy-493 Any implementation of LDAP with Kratos?
m
1111 Views