# general
h
hey everyone. i am trying to get my head around the design of everything. so my frontend will ofc be a vue/nuxtjs app which would ofc require a custom api to get its data from. But here my question, how should I implement it around Kratos, Hydra & Keto? Would I deploy/build my app’s user management around a subdomain e.g. called auth.domain.tld which has Kratos. Then have another domain for Hydra, e.g. passport.domain.tld or an internal domain which my own api only would know. Then have Keto for the ACL for all my users (end users, staff etc)?
👀 1
m
Are you sure you need all three from the start? It depends on your use case of course, but most often it is best to start with Ory Kratos and go from there. This is also a good document to figure it out: https://www.ory.sh/hydra/docs/next/concepts/before-oauth2/
A community member recently did a full docker-compose setup for all four core projects: https://github.com/radekg/ory-reference-compose
👍 2
h
I wouldn’t need hydra from a pure UX pov
maybe i haven’t looked deep enough into Kratos for the permissions part.
maybe reading through the “self-service” part would tell me exactly what to do. also to auth my api etc
b
@hundreds-psychiatrist-38730 I imagine ory cloud could be an answer if you're looking for using ory as a service 🙂
👍 1
m
Yes, if you want to forgo running Ory Kratos and others yourself and leave securing endpoints/UI/database as well as upgrading and managing everything to us, we are offering Ory Cloud. It is in early access at the moment, and we will upgrade to open beta soon 🚀 Right now you can sign up at https://console.ory.sh/registration and request early access.
Otherwise @hundreds-psychiatrist-38730 I would definitely recommend doing the Ory Kratos Quickstart, and also reading the Concepts documentation. When you have covered these basics you can try setting up a PoC with the Self-Service docs. For reference you can also find something useful in the community projects.
h
oh i know @brash-insurance-92266 but i work as an SRE/DevOps so i would rather tinker with it myself and host it myself 😛
b
we use login.company.tld for the login page (for now required in Web because of Form posts as Kratos performs redirects with secure cookie). Due to Ory applicative architecture choice for now, i think it is mandatory to host such an SSO page. We tried doing it in pure Flutter (with for web) but "most javascript SPA" based ones won't work here as you can't access the redirected secure cookie for the self user modification. Then we have kratos proxied for now for i18n and hydra for token management, on backend we use oathkeeper and then Keto v2 called by gRPC interceptors for authorization. I will be talking about Pvotal Keto utilisation at Ory Summit on the 28th https://events.hubilo.com/ory-summit/home
👀 1
🙌 2