# talk-kratos
c
I am struggling to understand how to offer multiple ways of logging in - say, email/password & google & github. The examples I've seen are single-provider - and request a flow id - is there a way of getting a list of the available flows with their id? Ideally, I'd love to pick apart a project that implements this - does anyone know of such a beast? 😉
q
Kratos returns a list of nodes that represent the relevant logins. This was not very clear to me in the docs, but it helped to see the react-spa example in the elements repo. This was by far the closest to my env, and the components there implement this magic for you: https://github.com/ory/elements/tree/main/examples/react-spa
I think this is the correct doc location: https://www.ory.sh/docs/kratos/self-service#form-rendering
s
@curved-oxygen-35290 hey there! I've been struggling configuring Azure AD as OIDC, I'm getting a 404 on the callback. Did you face this issue? How did you solve it?
c
Sorry, haven't made it that far 🙂
s
:sadkek: @magnificent-energy-493 @high-optician-2097 @proud-plumber-24205 could one of you give a hand on this?
I'm facing the following issue:
• I'm running kratos and a mysql in k8s, that seems to work.
• I have added an app login using this: https://github.com/ory/kratos-selfservice-ui-react-nextjs
• The button to sign in with Microsoft appears correctly. When clicking on it, it redirects to the Microsoft login, which is correct. However, once the credentials have been inserted, it redirects to
http://localhost:4455/self-service/methods/oidc/callback/microsoft?code=BLABLA&state=BLABLA&session_state=BLABLA
which returns 404.
q
The self callback endpoint, I believe, is on the kratos daemon. But it seems like the request is going to the self serve ui.
m
Getting OIDC to work locally is not trivial; we use ory tunnel for this with Ory Network. I am not sure if the same method works when self-hosting or what the best method is to test this when self-hosting. Maybe something like Cloudflare Tunnels?
s
I'm not familiar with Cloudflare Tunnels, would you provide further guidance?
@quick-barista-10563 by saying that the self callback endpoint is on the kratos daemon, what exactly do you mean? I'm thinking maybe there is a possibility of making a redirect from that self serve ui to the kratos daemon to make it work?
q
This gets confusing when we are using localhost and ports for everything. I host my equivalent of the self service UI on login.domain.com, and I host kratos on kratos.domain.com. After you click "sign in with Google" or whatever, you go through several redirects on the Google / YouTube side (lol, long story), then it should redirect you to kratos.domain.com/self-service/methods/oidc. Your current one is redirecting to login.domain.com, which doesn't have that endpoint at all. Once that is fixed, kratos.domain.com/self-service/methods/oidc will redirect you back to your self service landing after doing a set cookie with your session (depending on config).
s
And how could I configure it if I want to keep it running locally?
q
I would try a hosts file defining domains for your local machine and a reverse proxy listening on 80/443, routing to the correct port based off of the host header. This is a standard nginx vhost setup. You could also do something with a local k3s and an ingress doing your reverse proxy.
s
@quick-barista-10563 Mmm...Okay, I'll try. Btw, is there a containerized image or helm chart of this? https://github.com/ory/kratos-selfservice-ui-react-nextjs
q
I don't know of that specific one. However, this is similar enough :) https://github.com/ory/k8s/tree/master/helm/charts/kratos-selfservice-ui-node
Also if you want to integrate it into your own react code you can use these components which I found useful (maybe not actually components, I'm not strong in FE) https://github.com/ory/elements
s
We had this one implemented https://github.com/ory/k8s/tree/master/helm/charts/kratos-selfservice-ui-node in k8s, but it doesn't recognize the login, so we tried running the react-nextjs one on our local machine and connecting it with kratos (which IS running in k8s). Do you think we could have a meeting next Tuesday afternoon to get your help on this?
@quick-barista-10563 this is what happens with the helm chart of kratos:
• Home page loads ok with ingress endpoint
• When clicking on the other pages, the url becomes localhost:4455, and we get a "couldn't connect to the server" error
q
I think you need to set baseurl up, it's in the config / helm config: https://github.com/ory/k8s/blob/master/helm/charts/kratos-selfservice-ui-node/values.yaml#L135 The other services (kratos) should have one too.
Hrm I can't find it in kratos right now...
Ah, it's in serve public base_url: https://github.com/ory/kratos/issues/2573 Iirc the helm chart lets you nest a full kratos config inside of the values.
s
I've set the baseurl, yes. I've tried setting the localhost, the service name:port and the endpoint, to no avail @quick-barista-10563
@proud-plumber-24205 @many-manchester-13414 @bland-eye-99092 hey, do you think we could have a meeting with you to see if you could help us unblock this issue? We're blocked and would love to be able to use ORY Kratos integrated with our app 🙂
p
Hey @shy-beach-55709 Are you an Ory Network customer? We would be happy to help if the problem is related to your Ory Network project. For self hosting we can't always help due to resource constraints.
s
We would like to have it on our k8s cluster because that's where all our apps are, at least in this stage in which we are testing and validating. I understand about limited resources, but if it's not possible to have a meeting to see this blocker, could you provide some further guidance? We've spent days going through the documentation and still haven't been able to figure this out, which is frustrating while also preventing us from testing Ory with our apps to see if it meets our needs or not.
p
It's really difficult to debug self-hosting issues since it can be a variety of problems: configuration, network (docker) as well as the UI integration. This is in fact why we built the Ory Network, so you don't need to sit with debugging problems like these. I unfortunately cannot spend time debugging these kinds of setup problems due to resource constraints. If you, however, believe this to be a problem with Kratos, I would advise you to open a discussion https://github.com/ory/kratos/discussions or issue https://github.com/ory/kratos/issues where we (the engineering team) can more effectively assist you.
q
When you set base url was there any change? I spent a lot of time mixing up the format of the standard config with the helm config.
I can potentially share my helm config but I'm not using the UI bits
s
Basically, this is my yaml. I think the error is on the urls. I understand I should have two endpoints: one for the ory-kratos-admin service and another one for ory-kratos-public.
kratos:
        config:
          dsn: memory
          identity:
            default_schema_id: default
            schemas:
              - id: default
                url: file:///etc/config/identity.default.schema.json
          courier:
            smtp:
              connection_uri: smtps://myuser:secret@mail.example.com:587/?skip_ssl_verify=true
          serve:
            public:
              base_url: ory-kratos-public
              cors:
                enabled: true
            admin:
              base_url: ory-kratos-admin
          session:
            cookie:
              same_site: Lax
          selfservice:
            default_browser_return_url: ory-kratos-admin/welcome
            allowed_return_urls:
              - ory-kratos-admin
            methods:
              password:
                enabled: true
              link:
                enabled: true
                config:
                  lifespan: 15m
              oidc:
                enabled: true
                config:
                  providers:
                    - id: microsoft
                      provider: microsoft
                      label: microsoft
                      client_id: client_id
                      client_secret: client_secret
                      microsoft_tenant: common
                      issuer_url: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
                      mapper_url: https://storage.googleapis.com/bac-gcs-production/ca2c1bb3278251cd64913563fcff9412253581c821d078016e55761e965f989530a8777852603e571aa19ec09553af1cfdd28ba58489d94e4e2f9b906d04455f.jsonnet
                      scope:
                        - openid
                        - profile
                        - email
                        - https://graph.microsoft.com/User.Read
                      subject_source: me
            flows:
              error:
                ui_url: ory-kratos-admin/error

              settings:
                ui_url: ory-kratos-admin/settings
                privileged_session_max_age: 15m

              recovery:
                enabled: true
                ui_url: ory-kratos-admin/recovery

              verification:
                enabled: true
                ui_url: ory-kratos-admin/verification
                after:
                  default_browser_return_url: ory-kratos-admin/verified

              logout:
                after:
                  default_browser_return_url: ory-kratos-admin/login

              login:
                lifespan: 10m
                ui_url: ory-kratos-admin/login
                after:
                  default_browser_return_url: ory-kratos-admin/dashboard


              registration:
                lifespan: 10m
                ui_url: ory-kratos-admin/registration
                after:
                  default_browser_return_url: ory-kratos-admin/registered
                  oidc:
                    default_browser_return_url: ory-kratos-admin/dashboard

        automigration:
          enabled: true
        identitySchemas:
          "identity.default.schema.json": |
            {
              "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
              "$schema": "http://json-schema.org/draft-07/schema#",
              "title": "Person",
              "type": "object",
              "properties": {
                "traits": {
                  "type": "object",
                  "properties": {
                    "email": {
                      "type": "string",
                      "format": "email",
                      "title": "E-Mail",
                      "ory.sh/kratos": {
                        "credentials": {
                          "password": {
                            "identifier": true
                          }
                        },
                        "recovery": {
                          "via": "email"
                        },
                        "verification": {
                          "via": "email"
                        }
                      }
                    }
                  },
                  "required": [
                    "email"
                  ],
                  "additionalProperties": false
                }
              }
            }
  chart: kratos
q
Here's a snippet from mine
kratos:
  config:
    session:
      cookie:
        name: session
        domain: domain.net
        same_site: Strict
    serve:
      admin:
        base_url: "http://127.0.0.1:8088"
      public:
        base_url: "https://kratos.domain.net"
Did you replace your real urls with easy to read strings for the paste?
base_url: ory-kratos-public
Also, in your inspector in the login flow, do you see that openid provider (google?) is forwarding to the correct kratos url, then kratos is failing to redirect to the correct location? or is it sooner?
Lastly, in your redirect do you have an error id or a flow id we can look up with kratos?
s
So:
• in serve.admin.base_url: there should go the localhost
• in serve.public.base_url: there should go the public url
• and in the different flows: we should use the kratos ui url
Is this correct?
That would be in the kratos deployment. In the ui, I have three urls to set:
• kratosAdminUrl: corresponds with the admin url (ory-kratos-admin.my-domain.com)
• kratosBrowserUrl: corresponds with the ui url (ory-kratos.my-domain.com)
• kratosPublicUrl: corresponds with the public url (ory-kratos-public.my-domain.com)
@quick-barista-10563 ⬆️ 😿
q
My admin baseurl is localhost so I can use kubectl port forward to access it; so far it hasn't needed to be publicly accessible. I'll look to see if I set browser url.
This is where my ui urls get set (note this is under kratos.config):
selfservice:
      default_browser_return_url: https://ui.domainnet
      allowed_return_urls:
       - https://ui.domain.net/login/
      flows:
        registration:
          enabled: false
          ui_url: https://ui.domain.net/register
        login:
          ui_url: https://ui.domain.net/login
        error:
          ui_url: https://ui.domain.net/login/error
just a note, my UI is my bespoke UI, so those URLs may not translate well for the kratos-selfservice-ui-node helm chart
I'm still very curious to know at what stage this is breaking down. When I scroll up far enough it looks like you are being redirected to:
<wrong-domain>/login?flow=XXXXXX
Was localhost:4455 ever replaced with something else as part of your changes?
s
I've made some changes, and I'm still not able to make it work. This is the current full info: kratos.yaml:
kratos:
        config:
          dsn: memory
          identity:
            default_schema_id: default
            schemas:
              - id: default
                url: file:///etc/config/identity.default.schema.json
          courier:
            smtp:
              connection_uri: smtps://myuser:secret@mail.example.com:587/?skip_ssl_verify=true
          serve:
            public:
              base_url: http://ory-kratos-public.my-domain
              cors:
                enabled: true
            admin:
              base_url: "http://127.0.0.1:4434"
          session:
            cookie:
              same_site: Lax
          selfservice:
            default_browser_return_url: http://ory-kratos.my-domain/welcome
            allowed_return_urls:
              - http://ory-kratos.my-domain
            methods:
              password:
                enabled: true
              link:
                enabled: true
                config:
                  lifespan: 15m
              oidc:
                enabled: true
                config:
                  providers:
                    - id: microsoft
                      provider: microsoft
                      label: microsoft
                      client_id: client_id
                      client_secret: client_secret
                      microsoft_tenant: common
                      issuer_url: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
                      mapper_url: https://storage.googleapis.com/bac-gcs-production/ca2c1bb3278251cd64913563fcff9412253581c821d078016e55761e965f989530a8777852603e571aa19ec09553af1cfdd28ba58489d94e4e2f9b906d04455f.jsonnet
                      scope:
                        - openid
                        - profile
                        - email
                        - https://graph.microsoft.com/User.Read
                      subject_source: me
            flows:
              error:
                ui_url: http://ory-kratos.my-domain/error

              settings:
                ui_url: http://ory-kratos.my-domain/settings
                privileged_session_max_age: 15m

              recovery:
                enabled: true
                ui_url: http://ory-kratos.my-domain/recovery

              verification:
                enabled: true
                ui_url: http://ory-kratos.my-domain/verification
                after:
                  default_browser_return_url: http://ory-kratos.my-domain/verified

              logout:
                after:
                  default_browser_return_url: http://ory-kratos.my-domain/login

              login:
                lifespan: 10m
                ui_url: http://ory-kratos.my-domain/login
                after:
                  default_browser_return_url: http://ory-kratos.my-domain/dashboard
              registration:
                lifespan: 10m
                ui_url: http://ory-kratos.my-domain/registration
                after:
                  default_browser_return_url: http://ory-kratos.my-domain/registered
                  oidc:
                    default_browser_return_url: http://ory-kratos.my-domain/dashboard
Node ui:
source:
  repoURL: 'https://k8s.ory.sh/helm/charts'
  targetRevision: 0.28.0
  helm:
    parameters:
      - name: kratosAdminUrl
        value: 'http://ory-kratos-admin.my-domain.com/'
      - name: kratosPublicUrl
        value: 'http://ory-kratos-public.my-domain.com/'
      - name: service.type
        value: LoadBalancer
      - name: kratosBrowserUrl
        value: 'http://ory-kratos.my-domain.com/'
  chart: kratos-selfservice-ui-node
Login page and error are as shown in the images below. I'm sure this is a completely dumb error :sadkek:
q
A new, different, error, I call that progress!
It looks like it sent you to
self-service/login/browser
but I don't see that anywhere in your configs, could you check the network tab in the inspector and see which service forwarded you there?
one note, firefox by default clears the network tab on every redirect; remember to click the gear and select "persist logs"
Another thing I will note is that self-service routes seem to always be kratos and not the ui
s
That's the inspect. The 200 is when I load the page, and then I get a 300 error which leads to the 404. In our case, the urls are: ory-kratos for the ui (say, the login site); ory-kratos-public and ory-kratos-admin belong to the kratos deployment itself.
I understand we're getting a very similar error to the one discussed here: https://github.com/ory/kratos/discussions/2556
q
the thing I find interesting is that the first piece of my flow is:
POST https://kratos.domain.net/self-service/login?flow=96d622b0-b518-4750-bce3-4a5d841eb9dd
And yours seems to be a GET. My 303 response redirects me to google, and sets a cookie (ory_kratos_continuity) but yours seems to redirect directly to the browser url
it made me look to see if your oidc config is in the right place, and it seems like it is 👍
s
Any suggestion about what to change or where to look at to make this work?
The oidc shouldn't be the reason, because it doesn't even reach that part.
q
That does indeed seem very odd; when you disable password and "link" methods does it start attempting to contact microsoft?
s
Still the same error with a 303 between the 200 and the 404.
q
the flow_id is great because you can look it up in the api
s
But still, I understand that then the flow implemented here isn't working, because it should be taking me to the ory-kratos-admin instead of the public. Right?
@quick-barista-10563 any suggestion on this?
• kratos-selfservice-ui-node
• kratos
The apps are configured as follows: kratos-selfservice-ui-node:
helm:
    parameters:
      - name: kratosAdminUrl
        value: 'http://ory-kratos-admin.my-domain.com/'
      - name: kratosPublicUrl
        value: 'http://ory-kratos-public.my-domain.com/'
      - name: service.type
        value: LoadBalancer
      - name: kratosBrowserUrl
        value: 'http://ory-kratos.my-domain.com/'
  chart: kratos-selfservice-ui-node
Our kratos config is as follows. What I suspect is that we are not configuring the correct url on the different flows, but we've tried all combinations and the error persists.
kratos:
        config:
          help: true
          log: 
            format: json
            level: debug
            leak_sensitive_values: true

          dsn: memory
          identity:
            default_schema_id: default
            schemas:
              - id: default
                url: file:///etc/config/identity.default.schema.json
          courier:
            smtp:
              connection_uri: smtps://myuser:secret@mail.example.com:587/?skip_ssl_verify=true
          serve:
            public:
              base_url: http://ory-kratos-public.my-domain.com/
              cors:
                enabled: true
            admin:
              base_url: http://ory-kratos-admin.my-domain.com/admin
          session:
            cookie:
              domain: my-domain.com
          cookies:
            domain: my-domain.com
            path: /
            same_site: Lax

          selfservice:
            default_browser_return_url: http://ory-kratos-public.my-domain.com/welcome
            allowed_return_urls:
              - http://ory-kratos-public.my-domain.com
            methods:
              password:
                enabled: true
              link:
                enabled: true
                config:
                  lifespan: 15m
              oidc:
                enabled: true
                config:
                  providers:
                    - id: microsoft
                      provider: microsoft
                      label: microsoft
                      client_id: client_id
                      client_secret: client_secret
                      microsoft_tenant: common
                      issuer_url: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
                      mapper_url: mapper_url
                      scope:
                        - openid
                        - profile
                        - email
                        - https://graph.microsoft.com/User.Read
                      subject_source: me
            flows:
              error:
                ui_url: http://ory-kratos-public.my-domain.com/error

              settings:
                ui_url: http://ory-kratos-public.my-domain.com/settings
                privileged_session_max_age: 15m

              recovery:
                enabled: true
                ui_url: http://ory-kratos-public.my-domain.com/recovery

              verification:
                enabled: true
                ui_url: http://ory-kratos-public.my-domain.com/verification
                after:
                  default_browser_return_url: http://ory-kratos-public.my-domain.com/verified

              logout:
                after:
                  default_browser_return_url: http://ory-kratos-public.my-domain.com/login

              login:
                lifespan: 10m
                ui_url: http://ory-kratos-public.my-domain.com/self-service/login/
                after:
                  default_browser_return_url: http://ory-kratos-admin.my-domain.com/dashboard

              registration:
                lifespan: 10m
                ui_url: http://ory-kratos-public.my-domain.com/registration
                after:
                  default_browser_return_url: http://ory-kratos-public.my-domain.com/registered
                  oidc:
                    default_browser_return_url: http://ory-kratos-public.my-domain.com/dashboard

        automigration:
          enabled: true
        identitySchemas:
          "identity.default.schema.json": |
            {
              "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
              "$schema": "http://json-schema.org/draft-07/schema#",
              "title": "Person",
              "type": "object",
              "properties": {
                "traits": {
                  "type": "object",
                  "properties": {
                    "email": {
                      "type": "string",
                      "format": "email",
                      "title": "E-Mail",
                      "ory.sh/kratos": {
                        "credentials": {
                          "password": {
                            "identifier": true
                          }
                        },
                        "recovery": {
                          "via": "email"
                        },
                        "verification": {
                          "via": "email"
                        }
                      }
                    }
                  },
                  "required": [
                    "email"
                  ],
                  "additionalProperties": false
                }
              }
            }
  chart: kratos
If I do a kubectl get pods:
$ kubectl -n ory get pods  | grep kratos
ory-kratos-ui-kratos-selfservice-ui-node-586d98d846-g96nh   1/1     Running   0          17h
ory-kratos-updated-865cb47458-hrms2                         1/1     Running   0          6m55s
ory-kratos-updated-courier-0                                1/1     Running   0          6m55s
ory-kratos-updated-mysql-0                                  1/1     Running   0          6h47m
kubectl get svc:
$ kubectl -n ory get svc | grep kratos
ory-kratos-ui-kratos-selfservice-ui-node   LoadBalancer
ory-kratos-updated-admin                   LoadBalancer
ory-kratos-updated-courier                 ClusterIP
ory-kratos-updated-mysql                   NodePort
ory-kratos-updated-mysql-headless          ClusterIP
ory-kratos-updated-public                  LoadBalancer
I know that the admin endpoint shouldn't be exposed, but we have done so to test. Despite our best efforts, we've not been able to spot the error so far, so any help is really appreciated.
@proud-plumber-24205 @fast-lunch-54279 @steep-lamp-91158 any suggestions? I'm sorry for being so insistent on this, but this has become a blocker :sadkek:
h
Hey, please be respectful when pinging maintainers. Thanks
m
Hello @shy-beach-55709, I am sorry that you are having trouble running Ory. Please understand that we are constrained in our resources and provide community support on a best effort basis. If you require more comprehensive support, we recommend our managed service, Ory Network, which offers direct assistance. If you are self-hosting Ory, it is important to note that you are responsible for any issues that may arise, as with any other free open source software. Throughout Ory’s lifetime, we have received tens of thousands of issues and PRs, and in order to maintain our commitment to the community, we prioritize and focus on issues that have a broad impact. Unfortunately, burnout has become a topic of concern amongst open-source projects. It can lead to severe personal and health issues as well as opening catastrophic attack vectors. The motivation for this is to help us build a sustainable open source ecosystem and not ignore, reject, or belittle anyone. Thank you for your understanding, and to all those who contribute to and support the Ory community. 🙏✌️
s
I understand and appreciate your reply, though I'm still a little bit disappointed since the documentation on how to deploy this using helm/k8s is lacking. Guess we could work it out, I'll share how we've done it if we are able to overcome the issues mentioned above 🙂 thanks!
m
Hey @shy-beach-55709 That would be great yes 🙂 If you want to do a little write up and publish it on our blog, I would be happy to assist you with that and we could do some “co-marketing”.
s
Just a little update on this. I'm loving Ory, though it has been quite a ride configuring it using helm 🙈 We're finishing the configuration of Oathkeeper-Keto-Kratos (in Kratos we configured different authorizers) and we can see the effort and the value Ory adds to our business. So thanks for keeping it up 🙂 Once we are done we'll write our step by step guide and share it in case it's useful for somebody else
c
@shy-beach-55709 please, that would be great 😉
m
Hello @shy-beach-55709 Thanks for the update and the feedback! I agree it's not easy to self-host the full stack of Ory, especially in k8s - it is one of the reasons why we built Ory Network as a simple & affordable alternative to that 🙂 And as for the guide, that would be very cool; maybe we can add it as a drop-in example here: https://github.com/ory/examples or on our blog. In any case let me know if I can help with that in any way. I am also doing “case studies” with companies who use Ory in production, let me know if you are interested in that - see the fandom case study for example
s
We will. Currently we're stuck figuring out the permission structure in Keto, but we already have a guide we use internally with the team so that everybody understands how our implementation works. We could use that one as a starting point. Regarding doing a case study with our company, I'll check that with my team and let you know. We haven't moved this to production stage yet, though.