This message was deleted.

Hi @agreeable-lifeguard-99976 What is your use case? I see before you wrote

We are working on a self-hosted POC to use Ory as a replacement across our many services mostly written in Ruby on Rails, some in Python and few NodeJS

Does this mean you require single sign on? or do you have multiple isolated tenants?

Hi, Currently we do not have tenants but some of the macro services do have roles and or policies.

Alright, so to clarify, you have many different applications which should all share the same sign in portal? or do you want them to have independent sign in flows but the same users?

Some will have independent sign-in flows but not the same users

I would first focus on integrating with the Ory Network using one of the quickstart examples. Here is the nodejs example https://www.ory.sh/docs/getting-started/integrate-auth/expressjs. It is a simple application which uses a redirect to the Account Experience (a UI bundled with your project). This is the fastest way to integrate since it uses normal browser redirects. I would then move to more advanced use cases, instead of a redirect, you manage the logic of calling the APIs to Ory and render your own UI. You can get started here quickly through Ory Elements. If you need more customization you can build the entire UI from scratch. Lastly the architecture of the system will really depend on what you are protecting. If you are simply running a NodeJS server which contains all of the logic (a monolith) then you do not need Oathkeeper since the session validation can happen within NodeJS. If you have many services communicating with each other requiring a user session, then you might need to deploy Oathkeeper in front of these services. However, Oathkeeper is not a requirement to make this work.

Great! Thanks for this.

Let us know how it went @agreeable-lifeguard-99976 🙂