100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

Ory

AdvancedPlatform2K learners

Ory is an open-source identity infrastructure project providing components for authentication, authorization, and access control, including OAuth2/OpenID Connect, identity management, and permission systems.

Definition

Ory is an open-source identity infrastructure project providing components for authentication, authorization, and access control, including OAuth2/OpenID Connect, identity management, and permission systems.

Overview

Ory provides a set of modular, API-first services that developers can compose to build authentication and authorization into applications without hand-rolling security-critical identity code. Its components include Ory Kratos for identity management and self-service login/registration flows, Ory Hydra for OAuth2 and OpenID Connect token issuance, and Ory Keto for fine-grained permission and access-control decisions inspired by Google's Zanzibar authorization model. Each Ory component is designed to be used independently or together, and can be self-hosted or consumed as a managed cloud service. This composability differentiates it from all-in-one identity platforms like Auth0 or Keycloak, letting teams adopt only the pieces of identity infrastructure they need while keeping full control over their data and deployment model. Because identity and access control touch nearly every application, Ory is typically evaluated by engineering teams building products that require secure user management at scale, particularly those wary of vendor lock-in from closed identity platforms. Specific adoption figures and version history are not detailed here to avoid overstating claims about a comparatively niche piece of infrastructure tooling.

Key Features

  • Modular identity components: Kratos (identity), Hydra (OAuth2/OIDC), Keto (permissions)
  • Open-source with both self-hosted and managed cloud deployment options
  • API-first design for integrating identity flows into any frontend
  • Zanzibar-inspired fine-grained authorization model via Ory Keto
  • Self-service registration, login, and account recovery flows
  • Standards-based OAuth2 and OpenID Connect support

Use Cases

Adding authentication and self-service account management to a product
Issuing and validating OAuth2/OpenID Connect tokens for APIs
Implementing fine-grained, relationship-based access control
Replacing a closed-source identity provider with self-hosted infrastructure
Building multi-tenant SaaS products with custom identity requirements

Frequently Asked Questions