For those looking for a comparison, this is like an alternative to KeyCloak, except you have to "bring your own UI" - which I see as a pro, not a con. I've been evaluating Kratos for some time now, implementing it in a React/Redux/RTK Query app, and I've been really impressed with it. It's still not on parity with the massive feature-set and customize-ability of KeyCloak, but it's getting there pretty quickly. As of the latest release I think it's finally in a state where it can be used in production with little friction. But I'm really looking forward to what the future holds.
Hello, one of the maintainers of <a href="https://github.com/ory/kratos" rel="nofollow">https://github.com/ory/kratos</a> (the system used in the blog post) here :) We started Ory Kratos because we saw so many developers struggle with OAuth2 and OpenID Connect. If you have any questions around application auth, OAuth2, or Go, open source I'll try to do my best to answer them accurately!
I found it hard to quickly determine whether Kratos can run completely self-hosted, or that there's always some connection to Ory / Ory Cloud services.
Pretty cool. Just a heads up, the links in the section: "build your own login, registration, account settings, account verification (e.g. email, phone, activate account), account verification (e.g. reset password) user interfaces and user flows using dead-simple APIs" all are broken, except the 'login' link.<p>I'm interested in how you allow folks to customize the login flows (probably because my employer, FusionAuth, offers a competitive product :) ). Is this UX customization solely through custom react components?<p>Is there any ability to customize the actual login sequence, like Azure ADB2C allows? For example: for install A, I want to ask for login, then password, then MFA. for install B, I want to ask for email domain first, then login and password.
Been working on a webapp on-and-off using Kratos for a bit and it is a massive relief to be able to delegate the hard parts of authentication to something else.<p>My only real pain points are the docs and the JS SDK - the docs can be rough depending on what you're looking at, and the SDK has no documentation at all. I get that it's automatically generated, but it's enough of a pain to figure out that I resorted to just making the HTTP requests myself.
When using this, where can a get a deep dive into the architecture and details around the system?<p>I'm always hesitant to use third party Auth for fear that some bug in our app would generate otps and I won't be able to fix that in an emergency because of a lack of familiarity/access to source code/database
Ory developers emailed me and offered support after I had just expressed interest into the project with someone they know personally - that's a great experience and I have loved watching and using the project since then!
hi, the nextjs integration looks all promising. Especially how fast it is integrated.
I wonder if there is a smart way to automatically verify a session and get user details on one of my own api routes?