What does HackerNews think of hydra?
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
Spinning one up is easy, sure. Making sure it's production ready is not so much.
Keycloak comes with the full IAM stack, so if you need that, good; if you just need the OAuth server, it's a bit much in my opinion. Have not tried Dex so can't speak to that.
https://github.com/ory/hydra https://github.com/keycloak/keycloak
If you’re interested to join Ory, we’d be excited to have you! Drop Aeneas a line and he’ll take it from there: [email protected]
Hopefully we’ll talk soon :)
Check out https://github.com/ory/kratos, our identity server. Or https://github.com/ory/hydra, our OAuth2 server. All of them together can be assembled to have something like Keycloak.
If you want a list of things that can go wrong, look here: https://tools.ietf.org/id/draft-ietf-oauth-security-topics-1...
Generally you probably do not need OAuth2: https://www.ory.sh/hydra/docs/concepts/before-oauth2/
But if you do, don’t roll your own but use proven open source like https://github.com/ory/hydra
Also not a good resource, but acceptable: Pluralsight. There is one straight up OAuth course to go over all the basics and then quite a few language/framework specific ones, e.g. how to implement OAuth in Node/ASP.NET/etc. The OAuth course was dry but had some decent information - but I did quit halfway through it because of IdentityServer, so take that with a grain of salt.
And yes, it sure does feel more complicated than it has any right to be. There's a good read here https://hueniverse.com/oauth-2-0-and-the-road-to-hell-8eec45... by the once-lead-author.
I really do recommend checking out IdentityServer4 though, unless you're implementing this specifically to learn / have fun / etc. And if you don't care for the Microsoft ecosystem, I've heard nice things about Hydra https://github.com/ory/hydra which is a similar Go offering.
Open source OAuth / OpenID connect server
The docs, API and Docker images make it really easy to start developing against. Then the Docker images and database migration tools make it easy to deploy into our production infrastructure.
Also evaluating the other Ory tools like Keto, a policy engine.
The hackability of these is very attractive over closed services like Auth0.
The Oathkeeper proxy is one piece of the puzzle which basically takes incoming HTTP requests, evaluates them on a set of rules (e.g. authentication of credentials used, checking if the user has the right permissions, transforming the session data to e.g. a JWT) and either grants or denies access.
Other services include, for example, ORY Hydra ( https://github.com/ory/hydra ) which is an OAuth2 & OpenID Connect (certification pending) server that you can put "on top" of your existing user management.
While most developers opt to build these systems (permissions, user management) themselves, it is our vision to build a reliable, broadly adopted set of OSS tools that get you started quickly and that scale well as the requirements of your organization change.
Everything we do is built on top of open standards; we do not want to reinvent the wheel (unless nothing exists wrt open standards). So everything in this ecosystem integrates well with existing systems.
If you have any questions, feel free to ask.
ps: New account because I lost my password and didn't set up a backup email. Stupid me.
-> OAuth2 Authorization Server https://github.com/ory/hydra
-> Identity & Access Proxy (early access): https://github.com/ory/oathkeeper
If you have questions don't hesitate to ask.
If you have any questions, feel free to ask ahead.
It's come so far now that I'm starting to consider this my full-time thing (I'm in the final stages of completing my MSc computer science) and I'm currently running evaluation on an API security platform based on that technology. Basically, I spend most of my time on it and I even got a small team helping me - but it's not what earns my living at the moment.
Before that I gathered a lot of experience from running and building https://en.serlo.org/ which is basically a Wikipedia for learning (I built the whole CMS from scratch) that serves over 1m MAUs in Germany (the English page is very sparse, most of it is on https://de.serlo.org ) and is thus one of the most popular learning platforms in Germany. The company behind it is an NGO (= no profits) I cofounded and the platform is ad-free and doesn't cost anything. We get money through donations and other funds.
It's an exciting journey, I'm now at a point where I need to figure out how to actually make money on the web that doesn't come through donations and goodwill, but I think I can do it - why not, right?
By the way, you may also like the WYSIWYG editor I wrote - I also plan a static site generator based on it with a themeforest-y market place. Feel free to check those out:
* https://www.ory.am/sites/
* https://github.com/ory/editor

ps: It took me almost 2 years to get to 700$ at Patreon and most of it comes from one sponsorship I'm very glad of. Their CTO texted me one day because he saw hydra on HN frontpage and he works in the identity space.