Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Guys, i am wondering why i should use oauthkeeper instead of using kratos and keto directly. It looks more efficient for me to use directly kratos, for instance in any request i need to know who is the user that has performed the request, therefore in any request i should query kratos in order to know it (in this point i can with the same request chek also if the user is authenticated or not). What am I missing?

in our case we have multiple authentication sources (a legacy oauth-based login that we will migrate to kratos in the future, custom access tokens, and hydra oauth tokens) that we use oathkeeper to mutate into a single internal id_token so our internal services only have to know how to parse and validate the id_token, i wouldn’t use oathkeeper if just using kratos and keto were enough for our use cases, but this keeps our unfortunately complicated authn much more independent of our application logic

I would concur with Andrew here, Oathkeeper helps with some more convoluted/complex/legacy infrastructure, but if Ory Kratos &amp; Keto already solve everything you need no need to overcomplicate!