Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello folks, I am working on creating a library for use keto in Loopback4 (I have already done the same for kratos). I have a design choice that I would like to get your opinion on.

As you may know, the @loopback/authorization package allows for the use of annotations to decorate controllers and methods with authorization information, such as resources, scopes, and allowed roles. My idea is to build upon this functionality by creating an extension that allows users to define their own authentication strategies, using these annotations to define the necessary tuples in a migration-like way.

I am interested in your thoughts on this approach, as you have experience with both the ORY Keto and Loopback 4 projects. Do you think this is a viable approach, or do you have any suggestions for alternative approaches that might be more effective?

<@U010UKXCPP0> <@U04DA2XTHPG>