This message was deleted.
# general
m
This message was deleted.
d
Hello. Yes, you’re right about Kratos usage for your case. Let me give you a brief description of the services:
1. Oathkeeper is an identity proxy. You can use it in your infrastructure to enable zero trust for your microservices, and Oathkeeper proxies only authenticated or authorized requests to the microservice.
2. You need to use Hydra if you want to be an OAuth2 provider, issue tokens, and so on and so forth.
3. Keto could help you check access to a resource, e.g. does this user have access to this resource or not.
- validate user permissions to perform operations against objects according to some permissions rules (Keto fits here? it's the recommended way or it's over-engineering?)
Keto fits here
- protect access to my backend APIs (oathkeeper?)
Yep. Looks like a good solution
For the second one, could we use Kratos to issue some kind of token (e.g. an API key) to access the system?
Kratos supports social login features
b
Thank you for your attention Andrew!
For the second one, could we use Kratos to issue some kind of token (e.g. an API key) to access the system?
In this case, considering the doc here (https://www.ory.sh/docs/kratos/admin/managing-users-identities#creating-a-machine-identity), it's not possible yet, right?
Same for LDAP login federation
m
You can achieve "machine identities" using Ory Hydra with OAuth2 Client Credentials. We will add more credential types in the future to Ory Kratos, so it will be working out of the box. As of today you still need Ory Hydra.
LDAP is a more complex issue; there is a huge discussion on it in ory/kratos: https://github.com/ory/kratos/issues/274. It is also achievable with Ory Hydra, for example using werther: https://github.com/i-core/werther. //edit: But currently not supported officially by Ory.
b
I'll check these references, thanks!
m
@magnificent-energy-493 Any implementation of LDAP with Kratos?
m