From c7d28b72138c87e772592369718b6c6395554f16 Mon Sep 17 00:00:00 2001 From: vinckr Date: Thu, 8 May 2025 15:09:51 +0200 Subject: [PATCH 1/6] fix: relative links --- docs/actions/integrations/mailchimp.mdx | 3 +-- docs/concepts/redirects.mdx | 2 +- docs/getting-started/local-development.mdx | 6 +++--- docs/hydra/faq.md | 4 ++-- docs/hydra/guides/oauth2-webhooks.mdx | 4 ++-- docs/hydra/self-hosted/05_go.mdx | 4 ++-- docs/hydra/self-hosted/dependencies-environment.md | 4 ++-- docs/intro.mdx | 6 +++--- docs/open-source.mdx | 2 +- docs/sdk.mdx | 2 +- 10 files changed, 18 insertions(+), 19 deletions(-) diff --git a/docs/actions/integrations/mailchimp.mdx b/docs/actions/integrations/mailchimp.mdx index b8ad9355a..01131b680 100644 --- a/docs/actions/integrations/mailchimp.mdx +++ b/docs/actions/integrations/mailchimp.mdx @@ -76,8 +76,7 @@ To integrate Mailchimp using Ory Actions, you must complete these steps: ::: 4. Using the API key from the previous step, create an Ory Action for triggering a transactional email whenever a user completes - the registration flow. See [Mailchimp integration with Ory Actions](https://www.ory.sh/docs/actions/integrations/mailchimp) in - the Ory documentation. + the registration flow. 5. Test the integration by signing up with a test account in your Ory Network project and checking that the corresponding user data is updated in Mailchimp. diff --git a/docs/concepts/redirects.mdx b/docs/concepts/redirects.mdx index 5d9a5264d..54020e42a 100644 --- a/docs/concepts/redirects.mdx +++ b/docs/concepts/redirects.mdx @@ -10,7 +10,7 @@ This document covers browser redirects for Server Side Applications (Node.js, PH Set dynamic redirects using the `?return_to=` query parameter on self-service flows. For example: a user opens a sharable link to go to `https://myapp.com/posts`. This URL requires the user to have an active session and redirects the user back to the login page. To return the user back to the original URL, append `?return_to=https://myapp.com/posts` when starting the -[self-service login flow](https://www.ory.sh/docs/reference/api#operation/initializeSelfServiceLoginFlowForBrowsers): +[self-service login flow](../reference/api#operation/initializeSelfServiceLoginFlowForBrowsers): ```js curl -X GET 'http://.projects.oryapis.com/self-service/login/browser?return_to=...' diff --git a/docs/getting-started/local-development.mdx b/docs/getting-started/local-development.mdx index 8b25cf9ba..20c33cfb7 100644 --- a/docs/getting-started/local-development.mdx +++ b/docs/getting-started/local-development.mdx @@ -46,9 +46,9 @@ Follow these steps: Ory Network offers different environments for production, staging, and development. These are called Ory Network projects. -Review rate limits in the [Project Rate Limits](https://www.ory.sh/docs/guides/rate-limits) documentation. To match configuration -between projects use the [Ory CLI](https://www.ory.sh/docs/guides/cli/config-with-cli) For more information what environments are -included on the Ory Network plans, head over to the [Pricing](https://ory.sh/pricing) page. +Review rate limits in the [Project Rate Limits](../guides/rate-limits) documentation. To match configuration between projects use +the [Ory CLI](../guides/cli/config-with-cli). For more information on what environments are included on the Ory Network plans head +over to the [pricing](https://ory.sh/pricing) page. :::danger diff --git a/docs/hydra/faq.md b/docs/hydra/faq.md index e5adb5f79..41b6f61bf 100644 --- a/docs/hydra/faq.md +++ b/docs/hydra/faq.md @@ -234,8 +234,8 @@ challenge will always instruct you to show the login UI. ## Where can I get documentation on running multiple instances of Hydra? Hydra scales according to 12 factor principles. Just add another instance with the same config. Please check the -[documentation section for 12 factor principles](https://www.ory.sh/docs/ecosystem/cloud-native).There is also some information on -collecting statistics in the section on [prometheus](https://github.com/prometheus) in the +[documentation section for 12 factor principles](https://www.ory.sh/docs/ecosystem/cloud-native). There is also some information +on collecting statistics in the section on [prometheus](https://github.com/prometheus) in the [five minute tutorial](self-hosted/quickstart.mdx). ## Is it possible to disable/enable certain flows in Hydra? diff --git a/docs/hydra/guides/oauth2-webhooks.mdx b/docs/hydra/guides/oauth2-webhooks.mdx index 09b48d0c0..8067f9b59 100644 --- a/docs/hydra/guides/oauth2-webhooks.mdx +++ b/docs/hydra/guides/oauth2-webhooks.mdx @@ -123,8 +123,8 @@ Ory will perform a POST request with a JSON payload towards your endpoint. ``` `session` represents the OAuth2 session, along with the data that was passed to the -[Accept Consent Request](https://www.ory.sh/docs/hydra/reference/api#operation/acceptConsentRequest) in the `id_token` field (only -applicable to Authorization code flows). +[Accept Consent Request](../../hydra/reference/api#operation/acceptConsentRequest) in the `id_token` field (only applicable to +Authorization code flows). `request` contains information from the OAuth client's request to the token endpoint. diff --git a/docs/hydra/self-hosted/05_go.mdx b/docs/hydra/self-hosted/05_go.mdx index 43b64a794..884627e83 100644 --- a/docs/hydra/self-hosted/05_go.mdx +++ b/docs/hydra/self-hosted/05_go.mdx @@ -260,8 +260,8 @@ func main() { ### Fake TLS termination -You can set Ory Hydra to HTTPS mode without actually accepting TLS connections, visit -[Preparing for Production](https://www.ory.sh/docs/hydra/production#tls-termination) to learn more. The following code example +You can set Ory Hydra to HTTPS mode without actually accepting TLS connections, visit the +[Preparing for Production](../../hydra/self-hosted/production#tls-termination) document to learn more. The following code example shows how to configure Ory Hydra to fake a TLS termination: ```go diff --git a/docs/hydra/self-hosted/dependencies-environment.md b/docs/hydra/self-hosted/dependencies-environment.md index 28ee71267..025c9a8a1 100644 --- a/docs/hydra/self-hosted/dependencies-environment.md +++ b/docs/hydra/self-hosted/dependencies-environment.md @@ -34,5 +34,5 @@ Running SQL migrations in Docker is very easy, check out the ### Configuration -For more information on configuring the DSN (Data-Source-Name), head over to -[Deployment Fundamentals and Requirements](https://www.ory.sh/docs/ecosystem/deployment). +For more information on configuring the DSN (Data-Source-Name), head over to the +[Deployment Fundamentals and Requirements](../../self-hosted/deployment) document. diff --git a/docs/intro.mdx b/docs/intro.mdx index b7df2e4f9..89f0967d9 100644 --- a/docs/intro.mdx +++ b/docs/intro.mdx @@ -107,9 +107,9 @@ ExpressJS, React, or Preact. ### Ory Actions -[Ory Actions](https://www.ory.sh/docs/kratos/hooks/configure-hooks) provide a flexible way to extend the capabilities of the Ory -Network by defining custom business logic, automating system behavior in response to events, and integrating with third-party -services such as CRM platforms, payment gateways, business analytics tools, and integration platforms. +[Ory Actions](./kratos/hooks/configure-hooks) provide a flexible way to extend the capabilities of the Ory Network by defining +custom business logic, automating system behavior in response to events, and integrating with third-party services such as CRM +platforms, payment gateways, business analytics tools, and integration platforms. ## Ory Open Source diff --git a/docs/open-source.mdx b/docs/open-source.mdx index 36dd5b4fd..d1757c78e 100644 --- a/docs/open-source.mdx +++ b/docs/open-source.mdx @@ -27,7 +27,7 @@ You can find all of our open-source projects on GitHub: | Project | Description | Documentation | | -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------ | -| [Ory SDK](https://github.com/ory/sdk) | Software development kit for all popular programming languages, generated using openapi-generator. | [SDK docs](https://ory.sh/docs/sdk) | +| [Ory SDK](https://github.com/ory/sdk) | Software development kit for all popular programming languages, generated using openapi-generator. | [SDK docs](./sdk) | | [Ory Dockertest](https://github.com/ory/dockertest) | Dockertest helps you boot up docker images for your Go tests with minimal work. | [Dockertest godoc](https://godoc.org/github.com/ory/dockertest) | | [Ory Kubernetes Helm Charts](https://github.com/ory/k8s) | Kubernetes Helm Charts for the Ory ecosystem. | [k8s.ory.sh](https://k8s.ory.sh/helm/) | | [Ory Fosite](https://github.com/ory/fosite) | Extensible OAuth 2.0 and OpenID Connect SDK for Go. | [Fosite godoc](https://godoc.org/github.com/ory/fosite) | diff --git a/docs/sdk.mdx b/docs/sdk.mdx index 137eebf68..7e9ac020f 100644 --- a/docs/sdk.mdx +++ b/docs/sdk.mdx @@ -10,7 +10,7 @@ Before using the SDK, consult the Ory [REST](./reference/api.mdx) API documentat various programming languages. This SDK is intended to be used with Ory Network. For self-hosting Ory services use the respective client. Read more in the -[self-hosting documentation](https://www.ory.sh/docs/ecosystem/projects) for each service under **Reference/SDK**. +[self-hosting documentation](./ecosystem/projects) for each service under **Reference/SDK**. ## Download the SDK From 91d0431c808758de64f14748b6d878afb5ab10f9 Mon Sep 17 00:00:00 2001 From: vinckr Date: Thu, 8 May 2025 18:51:59 +0200 Subject: [PATCH 2/6] fix: relative links --- docs/getting-started/integrate-auth/05_php.mdx | 4 ++-- docs/hydra/self-hosted/deploy-hydra-example.mdx | 9 ++++----- docs/hydra/self-hosted/production.md | 2 +- docs/keto/guides/production.md | 4 ++-- docs/keto/guides/rbac.mdx | 2 +- docs/keto/guides/simple-access-check-guide.mdx | 4 ++-- docs/kratos/concepts/security.mdx | 2 +- docs/kratos/configuring.md | 4 ++-- docs/kratos/guides/multi-domain-cookies.mdx | 6 +++--- docs/kratos/mfa/01_overview.mdx | 4 ++-- docs/kratos/passwordless/00_overview.mdx | 2 +- docs/migrate-to-ory/auth0.mdx | 2 +- docs/oauth2-oidc/custom-login-consent/flow.mdx | 2 +- 13 files changed, 23 insertions(+), 24 deletions(-) diff --git a/docs/getting-started/integrate-auth/05_php.mdx b/docs/getting-started/integrate-auth/05_php.mdx index b50fa1750..19a30f30a 100644 --- a/docs/getting-started/integrate-auth/05_php.mdx +++ b/docs/getting-started/integrate-auth/05_php.mdx @@ -50,14 +50,14 @@ import CreateProject from '../_common/create-project.mdx' ## Install Ory CLI -To install Ory CLI follow [this guide](https://www.ory.sh/docs/guides/ory-cli-install-use) +Follow [this guide](../../guides/cli/01_installation.mdx) to install the Ory CLI on your machine. ### Why do I need the Ory CLI ```mdx-code-block import OryCLI from '../_common/ory-cli.mdx' - + ``` ## Create an Entry Page diff --git a/docs/hydra/self-hosted/deploy-hydra-example.mdx b/docs/hydra/self-hosted/deploy-hydra-example.mdx index ac5f6f2b2..13e1f08cb 100644 --- a/docs/hydra/self-hosted/deploy-hydra-example.mdx +++ b/docs/hydra/self-hosted/deploy-hydra-example.mdx @@ -8,9 +8,8 @@ import CodeBlock from "@theme/CodeBlock" This guide explains how to set up and run Ory Hydra in an exemplary production environment. It uses Postgres as database, Nginx as reverse proxy, and Digital Ocean as cloud provider. You can use another -[relational database](https://www.ory.sh/docs/ecosystem/deployment#data-storage-and-persistence), a different reverse proxy, -deploy on any other cloud host, and -[spin up a custom user interface in your favorite language](https://www.ory.sh/docs/hydra/sdk/) - this is just an example! +[relational database](../ecosystem/deployment#data-storage-and-persistence), a different reverse proxy, deploy on any other cloud +host, and [spin up a custom user interface in your favorite language](../sdk/overview) - this is just an example! ## Create a Droplet @@ -228,7 +227,7 @@ Thank you for using Ory Hydra ${useLatestRelease("hydra")}! WantedBy=multi-user.target ``` -[Read more about the administrative and public APIs](https://www.ory.sh/docs/hydra/production#exposing-administrative-and-public-api-endpoints). +[Read more about the administrative and public APIs](../self-hosted/production/#exposing-administrative-and-public-api-endpoints). 4. To run Ory Hydra using systemd add the systemd service to startup: @@ -323,7 +322,7 @@ instances of Ory Hydra running on the various virtual machines. We need two upst - public_api to proxy traffic to the Public API of Ory Hydra - admin_api to proxy traffic to the Admin API of Ory Hydra -[Read more about exposing admin and public API endpoints](https://www.ory.sh/docs/hydra/production#exposing-administrative-and-public-api-endpoints). +[Read more about exposing admin and public API endpoints](../self-hosted/production#exposing-administrative-and-public-api-endpoints). 5. Add the following configuration before the `server` section to the `/etc/nginx/sites-enabled/oauth2.example.com` file: diff --git a/docs/hydra/self-hosted/production.md b/docs/hydra/self-hosted/production.md index f2e9657fe..5bd190aed 100644 --- a/docs/hydra/self-hosted/production.md +++ b/docs/hydra/self-hosted/production.md @@ -7,7 +7,7 @@ Read this document to prepare for production when self-hosting Ory Hydra. Feel free to [open an issue or pull request](https://github.com/ory/docs/) when you have an idea how to improve this documentation. -Read more about [deployment fundamentals and requirements for Ory](https://www.ory.sh/docs/ecosystem/deployment). +Read more about [deployment fundamentals and requirements for Ory](../../self-hosted/deployment). ## Ory Hydra behind an API gateway diff --git a/docs/keto/guides/production.md b/docs/keto/guides/production.md index 5eab938c9..ecaf095e5 100644 --- a/docs/keto/guides/production.md +++ b/docs/keto/guides/production.md @@ -7,12 +7,12 @@ Read this document to prepare for production when self-hosting Ory Keto. Feel free to [open an issue or pull request](https://github.com/ory/docs/) when you have an idea how to improve this documentation. -Read more about [deployment fundamentals and requirements for Ory](https://www.ory.sh/docs/ecosystem/deployment). +Read more about [deployment fundamentals and requirements for Ory](../../self-hosted/deployment). ## Database Ory Keto requires a production-grade database such as PostgreSQL, MySQL, CockroachDB. Don't use SQLite in production! Read more -about [deployment fundamentals and requirements for Ory](https://www.ory.sh/docs/ecosystem/deployment). +about [deployment fundamentals and requirements for Ory](../../self-hosted/deployment). ## Ory Keto API behind an API gateway diff --git a/docs/keto/guides/rbac.mdx b/docs/keto/guides/rbac.mdx index 205768a2a..558a4eb36 100644 --- a/docs/keto/guides/rbac.mdx +++ b/docs/keto/guides/rbac.mdx @@ -49,7 +49,7 @@ to have access only during work hours), or in multi-tenant environments. We need to have three groups, `finance`, `marketing`, `community`. Also, we need to have two namespaces: `reports` to manage access control and `groups` to add users to this group -Let's add namespaces to Keto config. [here](https://www.ory.sh/docs/keto/reference/configuration) +Let's add namespaces to Keto config. See the full reference API config [here](../../keto/reference/configuration). ```yaml # ... diff --git a/docs/keto/guides/simple-access-check-guide.mdx b/docs/keto/guides/simple-access-check-guide.mdx index 0a8be3095..c32d9da7d 100644 --- a/docs/keto/guides/simple-access-check-guide.mdx +++ b/docs/keto/guides/simple-access-check-guide.mdx @@ -44,8 +44,8 @@ the request subject's read permission on the file should be checked first. :::info Authentication isn't part of the permission check API, but it's a prerequisite for any permission check to be meaningful. One way -to implement authentication is to use [Ory Identities](https://www.ory.sh/docs/welcome#identities-and-sessions), which provide a -secure and robust authentication system for your application. +to implement authentication is to use [Ory Identities](../../intro#identities-and-sessions), which provide a secure and robust +authentication system for your application. ::: diff --git a/docs/kratos/concepts/security.mdx b/docs/kratos/concepts/security.mdx index 4b855baf2..46a20b456 100644 --- a/docs/kratos/concepts/security.mdx +++ b/docs/kratos/concepts/security.mdx @@ -69,7 +69,7 @@ password policy, refer to the [password policy page](../../concepts/password-pol ## OAuth 2.0 security Ory OAuth2 and OpenID Connect is a certified OAuth2 and OpenID Connect provider. You can read more in the -[OAuth 2.0 security overview](https://www.ory.sh/docs/hydra/security-architecture) documentation. +[OAuth 2.0 security overview](../../hydra/security-architecture) documentation. ## CAPTCHAs diff --git a/docs/kratos/configuring.md b/docs/kratos/configuring.md index e57a07d83..8f1aaa8c8 100644 --- a/docs/kratos/configuring.md +++ b/docs/kratos/configuring.md @@ -4,7 +4,7 @@ title: Configure Ory Kratos --- This document describes _how_ the service can be configured. For a documentation on all configuration values head over to the -[configuration reference](reference/configuration.mdx). +[configuration reference](./reference/configuration.mdx). ## Configuration file @@ -20,4 +20,4 @@ described in the following section. Environmental variables take precedence over config file values. Nested paths get mapped to config values by putting an underscore `_` between every level, so `selfservice.flows.settings.ui_url` becomes `SELFSERVICE_FLOWS_SETTINGS_UI_URL=`. -Please note that there are some caveats when using env vars [documented here](https://www.ory.sh/docs/ecosystem/configuring). +Please note that there are some caveats when using env vars [documented here](../ecosystem/configuring). diff --git a/docs/kratos/guides/multi-domain-cookies.mdx b/docs/kratos/guides/multi-domain-cookies.mdx index eef83c11e..c04e3afe4 100644 --- a/docs/kratos/guides/multi-domain-cookies.mdx +++ b/docs/kratos/guides/multi-domain-cookies.mdx @@ -42,6 +42,6 @@ session: same_site: Strict ``` -At the moment it isn't possible to set up Ory Kratos in a way where you get session cookies running on two separate top level -domains (for example `my-domain.com` and `another-domain.com`). This is supported only on Ory Network through the -[Multibrand](https://www.ory.sh/docs/kratos/bring-your-own-ui/configure-ory-to-use-your-ui#multiple-custom-domains) feature. +Seting up Ory Kratos in a way where you get session cookies running on two separate top level domains (for example `my-domain.com` +and `another-domain.com`) is supported only on Ory Network or Ory Kratos Enterprise through the +[Multibrand](../../kratos/bring-your-own-ui/configure-ory-to-use-your-ui#multiple-custom-domains) feature. diff --git a/docs/kratos/mfa/01_overview.mdx b/docs/kratos/mfa/01_overview.mdx index cb8e33410..9a294164e 100644 --- a/docs/kratos/mfa/01_overview.mdx +++ b/docs/kratos/mfa/01_overview.mdx @@ -20,7 +20,7 @@ or self-service actions, such as updating account information or credentials, fr For example, you might decide to require a user to log in with two factors right at the start of the session. Alternatively, you could allow the user to start the session by logging in with the first factor and only require the second factor at the point where the user is about to perform a security-sensitive operation. Read more about dynamic MFA in the -[step-up authentication](https://www.ory.sh/docs/kratos/mfa/step-up-authentication) document. +[step-up authentication](../../kratos/mfa/step-up-authentication) document. ## Available methods @@ -46,7 +46,7 @@ authentication method. They can be used to complete the second factor when users ### SMS SMS for MFA sends a one-time password to the user's registered mobile phone number via text message. Read the -[Code via SMS](https://www.ory.sh/docs/kratos/mfa/mfa-via-sms) documentation to learn more. +[Code via SMS](../../../docs/kratos/mfa/mfa-via-sms) documentation to learn more. ## Terminology diff --git a/docs/kratos/passwordless/00_overview.mdx b/docs/kratos/passwordless/00_overview.mdx index 784db59c1..ec3366a74 100644 --- a/docs/kratos/passwordless/00_overview.mdx +++ b/docs/kratos/passwordless/00_overview.mdx @@ -25,7 +25,7 @@ Ory's self-service flows support passwordless authentication for browser-based a After enabling it in Ory, the Ory Account Experience automatically presents passwordless as an option in the registration and login flows. When developing your own authentication UI for a browser-based app, the steps for integrating your application with the passwordless registration and login flows are described -[in the documentation](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-advanced-integration). +[in the documentation](../bring-your-own-ui/custom-ui-advanced-integration). There are two different classes of authenticators that can be used with passwordless: diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index ecbe06b10..3887f2ca9 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -120,7 +120,7 @@ To import your Auth0 users to Ory, you must create new users in Ory and associat emails and passwords. - If you don't have password hashes from Auth0, create new users for the known email addresses and the associated data. In this case, users must create new passwords when they log in to their accounts for the first time. To facilitate this, enable - [account recovery](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset). + [account recovery](../kratos/self-service/flows/account-recovery-password-reset). The procedure is performed by running a [custom script](https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh). To use diff --git a/docs/oauth2-oidc/custom-login-consent/flow.mdx b/docs/oauth2-oidc/custom-login-consent/flow.mdx index 930ff7965..1c1790f85 100644 --- a/docs/oauth2-oidc/custom-login-consent/flow.mdx +++ b/docs/oauth2-oidc/custom-login-consent/flow.mdx @@ -146,7 +146,7 @@ section to manage the feature. #### Implementation Skipping the consent screen is managed by the `challenge` object returned from -[getOAuth2ConsentRequest](https://www.ory.sh/docs/hydra/reference/api#tag/oAuth2/operation/getOAuth2ConsentRequest). +[getOAuth2ConsentRequest](../../hydra/reference/api#tag/oAuth2/operation/getOAuth2ConsentRequest). If the consent is skipped for the given OAuth2 client, `challenge.client.skip_consent` is `true`. From f74ddae54898abc18ef12394ebc1608944df7a4d Mon Sep 17 00:00:00 2001 From: vinckr Date: Fri, 9 May 2025 18:50:02 +0200 Subject: [PATCH 3/6] fix: relative links --- docs/hydra/self-hosted/deploy-hydra-example.mdx | 4 ++-- docs/identities/index.md | 4 ++-- docs/kratos/guides/deploy-kratos-example.mdx | 5 ++--- docs/kratos/guides/production.md | 2 +- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/hydra/self-hosted/deploy-hydra-example.mdx b/docs/hydra/self-hosted/deploy-hydra-example.mdx index 13e1f08cb..5e2c9227a 100644 --- a/docs/hydra/self-hosted/deploy-hydra-example.mdx +++ b/docs/hydra/self-hosted/deploy-hydra-example.mdx @@ -8,8 +8,8 @@ import CodeBlock from "@theme/CodeBlock" This guide explains how to set up and run Ory Hydra in an exemplary production environment. It uses Postgres as database, Nginx as reverse proxy, and Digital Ocean as cloud provider. You can use another -[relational database](../ecosystem/deployment#data-storage-and-persistence), a different reverse proxy, deploy on any other cloud -host, and [spin up a custom user interface in your favorite language](../sdk/overview) - this is just an example! +[relational database](../../self-hosted/deployment#data-storage-and-persistence), a different reverse proxy, deploy on any other +cloud host, and [spin up a custom user interface in your favorite language](../sdk/overview) - this is just an example! ## Create a Droplet diff --git a/docs/identities/index.md b/docs/identities/index.md index f40d1510c..f79b48abf 100644 --- a/docs/identities/index.md +++ b/docs/identities/index.md @@ -6,8 +6,8 @@ sidebar_label: Ory Identities Ory Identities is an API-first identity and user management system built on top of the widely deployed open-source [Ory Kratos Identity Server](https://github.com/ory/kratos) following -[cloud architecture best practices](https://www.ory.sh/docs/ecosystem/software-architecture-philosophy/). It implements mechanisms -that allow handling core use cases that the majority of modern software applications have to deal with: +[cloud architecture best practices](./ecosystem/software-architecture-philosophy/). It implements mechanisms that allow handling +core use cases that the majority of modern software applications have to deal with: - **Self-service login and registration**: Allow end-users to create and sign in to accounts using username/email and password combinations, social sign-in ("Sign in with Google, GitHub"), passwordless flows, and others. diff --git a/docs/kratos/guides/deploy-kratos-example.mdx b/docs/kratos/guides/deploy-kratos-example.mdx index b411f9bc4..7d8ba6764 100644 --- a/docs/kratos/guides/deploy-kratos-example.mdx +++ b/docs/kratos/guides/deploy-kratos-example.mdx @@ -9,9 +9,8 @@ import CodeBlock from "@theme/CodeBlock" This guide explains how to set up and run Ory Kratos in an exemplary production environment. It uses Postgres as database, Nginx as reverse proxy, Digital Ocean as cloud provider, and the [Ory Kratos Node.js UI Reference](https://github.com/ory/kratos-selfservice-ui-node) as user interface. You can use another -[relational database](https://www.ory.sh/docs/ecosystem/deployment#data-storage-and-persistence), a different reverse proxy, -deploy on any other cloud host, and -[spin up a custom interface in your favorite language](https://www.ory.sh/docs/kratos/sdk/overview) - this is just an example! +[relational database](../../self-hosted/deployment#data-storage-and-persistence), a different reverse proxy, deploy on any other +cloud host, and [spin up a custom interface in your favorite language](../sdk/overview) - this is just an example! ## Create a Droplet diff --git a/docs/kratos/guides/production.md b/docs/kratos/guides/production.md index 76f14444b..77daea202 100644 --- a/docs/kratos/guides/production.md +++ b/docs/kratos/guides/production.md @@ -7,7 +7,7 @@ Read this document to prepare for production when self-hosting Ory Kratos. Feel free to [open an issue or pull request](https://github.com/ory/docs/) when you have an idea how to improve this documentation. -Read more about [deployment fundamentals and requirements for Ory](https://www.ory.sh/docs/ecosystem/deployment). +Read more about [deployment fundamentals and requirements for Ory](../../self-hosted/deployment). ## Database From 1ce303223a978082f0362b41f620bb5b7ed34432 Mon Sep 17 00:00:00 2001 From: vinckr Date: Fri, 9 May 2025 18:55:08 +0200 Subject: [PATCH 4/6] fix: relative links --- docs/kratos/self-service/flows/user-login.mdx | 4 ++-- docs/kratos/self-service/flows/user-registration.mdx | 4 ++-- docs/kratos/self-service/flows/user-settings.mdx | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/kratos/self-service/flows/user-login.mdx b/docs/kratos/self-service/flows/user-login.mdx index 2b2b2adb4..54eb9c437 100644 --- a/docs/kratos/self-service/flows/user-login.mdx +++ b/docs/kratos/self-service/flows/user-login.mdx @@ -145,8 +145,8 @@ example) to the URL configured here: ]}> -The Ory Network offers a default UI implementation. Visit -[Bring Your Own UI](../../bring-your-own-ui/05_custom-ui-basic-integration.mdx) to learn how to implement a custom UI. +The Ory Network offers a default UI for all self-service flows. Visit the +[Bring Your Own UI](../../bring-your-own-ui/05_custom-ui-basic-integration.mdx) document for more info on a custom UI. diff --git a/docs/kratos/self-service/flows/user-registration.mdx b/docs/kratos/self-service/flows/user-registration.mdx index 1797ca444..790ec291b 100644 --- a/docs/kratos/self-service/flows/user-registration.mdx +++ b/docs/kratos/self-service/flows/user-registration.mdx @@ -153,8 +153,8 @@ example) to the configured registration URL. ]}> -The Ory Network offers a default UI implementation. Visit -[Bring Your Own UI](../../bring-your-own-ui/05_custom-ui-basic-integration.mdx) to learn how to implement a custom UI. +The Ory Network offers a default UI for all self-service flows. Visit the +[Bring Your Own UI](../../bring-your-own-ui/05_custom-ui-basic-integration.mdx) document for more info on a custom UI. diff --git a/docs/kratos/self-service/flows/user-settings.mdx b/docs/kratos/self-service/flows/user-settings.mdx index 2b0105cab..00262a22f 100644 --- a/docs/kratos/self-service/flows/user-settings.mdx +++ b/docs/kratos/self-service/flows/user-settings.mdx @@ -277,8 +277,8 @@ example) to the configured settings URL. ]}> -The Ory Network offers a default UI implementation. Visit -[Bring Your Own UI](https://www.ory.sh/docs/kratos/bring-your-own-ui/01_overview.mdx) to learn how to implement a custom UI. +Ory Network offers a default UI for all self-service flows. Visit the +[Bring Your Own UI](https://www.ory.sh/docs/kratos/bring-your-own-ui/01_overview.mdx) document for more info on a custom UI. From f07ce2d3e99fafa27459ea80badf0f6490bb2b7a Mon Sep 17 00:00:00 2001 From: vinckr Date: Fri, 9 May 2025 21:15:38 +0200 Subject: [PATCH 5/6] chore: build --- docs/identities/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identities/index.md b/docs/identities/index.md index f79b48abf..4cc7d2c45 100644 --- a/docs/identities/index.md +++ b/docs/identities/index.md @@ -6,7 +6,7 @@ sidebar_label: Ory Identities Ory Identities is an API-first identity and user management system built on top of the widely deployed open-source [Ory Kratos Identity Server](https://github.com/ory/kratos) following -[cloud architecture best practices](./ecosystem/software-architecture-philosophy/). It implements mechanisms that allow handling +[cloud architecture best practices](ecosystem/software-architecture-philosophy.md). It implements mechanisms that allow handling core use cases that the majority of modern software applications have to deal with: - **Self-service login and registration**: Allow end-users to create and sign in to accounts using username/email and password From 021ae7fb795eb1ad460998af7bb5786e8896ee59 Mon Sep 17 00:00:00 2001 From: vinckr Date: Fri, 9 May 2025 21:15:46 +0200 Subject: [PATCH 6/6] fix: relative links --- docs/hydra/faq.md | 4 +- .../model/manage-identity-schema.mdx | 15 ++++---- .../keto/guides/migrating-legacy-policies.mdx | 22 +++++------ docs/keto/self-hosted/05_go.mdx | 6 +-- ...-trust-iap-proxy-identity-access-proxy.mdx | 38 +++++++++---------- .../25_import-user-accounts-identities.mdx | 6 +-- docs/kratos/self-hosted/05_go.mdx | 5 +-- .../self-service/flows/user-settings.mdx | 4 +- docs/migrate-to-ory/index.mdx | 14 +++---- docs/oathkeeper/guides/websockets.mdx | 7 ++-- docs/oathkeeper/pipeline/authz.md | 7 ++-- docs/oauth2-oidc/index.md | 6 +-- docs/oauth2-oidc/jwt-access-token.mdx | 5 +-- 13 files changed, 64 insertions(+), 75 deletions(-) diff --git a/docs/hydra/faq.md b/docs/hydra/faq.md index 41b6f61bf..77c388418 100644 --- a/docs/hydra/faq.md +++ b/docs/hydra/faq.md @@ -234,8 +234,8 @@ challenge will always instruct you to show the login UI. ## Where can I get documentation on running multiple instances of Hydra? Hydra scales according to 12 factor principles. Just add another instance with the same config. Please check the -[documentation section for 12 factor principles](https://www.ory.sh/docs/ecosystem/cloud-native). There is also some information -on collecting statistics in the section on [prometheus](https://github.com/prometheus) in the +[documentation section for 12 factor principles](../ecosystem/software-architecture-philosophy). There is also some information on +collecting statistics in the section on [prometheus](https://github.com/prometheus) in the [five minute tutorial](self-hosted/quickstart.mdx). ## Is it possible to disable/enable certain flows in Hydra? diff --git a/docs/identities/model/manage-identity-schema.mdx b/docs/identities/model/manage-identity-schema.mdx index 49d2c1f65..598fd774c 100644 --- a/docs/identities/model/manage-identity-schema.mdx +++ b/docs/identities/model/manage-identity-schema.mdx @@ -72,7 +72,7 @@ However, you can use the existing schema as a template to create a new schema. S [Creating custom schemas](#creating-custom-schemas) and select the current schema as a template. It's recommended to manage identity schemas in version control. Learn more about -[managing Ory Network configuration in git](http://ory.sh/docs/guides/gitops). +[managing Ory Network configuration in git](../../guides/gitops). ## Update identities to use a new schema @@ -105,9 +105,8 @@ the steps 4 to 7 or check out the example code for bulk updating identities belo 4. Find the identity to be updated and note down their `id`. -5. To update the identity, you need to use the - [Admin API](https://www.ory.sh/docs/reference/api#tag/identity/operation/updateIdentity). The API requires the Ory Network - [Project slug](https://console.ory.sh/projects/current/settings), +5. To update the identity, you need to use the [Admin API](../../reference/api#tag/identity/operation/updateIdentity). The API + requires the Ory Network [Project slug](https://console.ory.sh/projects/current/settings), [API Key](https://console.ory.sh/projects/current/developers), and identity ID. Set them as environment variables: ```bash @@ -124,7 +123,7 @@ the steps 4 to 7 or check out the example code for bulk updating identities belo -Using the [patchIdentity API](https://www.ory.sh/docs/reference/api#tag/identity/operation/patchIdentity), you can change the +Using the [patchIdentity API](../../reference/api#tag/identity/operation/patchIdentity), you can change the identity schema and traits directly. Using patchIdentity is the recommended way to update identities. @@ -160,7 +159,7 @@ This should return the modified identity as the response. :::note -This example uses the [Ory Go SDK](https://github.com/ory/client-go). If you wish to use a different programming language for identity schema migration, you can apply the same logic using the [Ory SDK for your programming language](https://www.ory.sh/docs/sdk). Ory can also provide +This example uses the [Ory Go SDK](https://github.com/ory/client-go). If you wish to use a different programming language for identity schema migration, you can apply the same logic using the [Ory SDK for your programming language](../../sdk). Ory can also provide example code in your preferred language. Please contact `support@ory.sh`. ::: @@ -259,7 +258,7 @@ func migrateSchema(toSchema, identityID string) error { -Update the identity using the [updateIdentity API](https://www.ory.sh/docs/reference/api#tag/identity/operation/updateIdentity): +Update the identity using the [updateIdentity API](../../reference/api#tag/identity/operation/updateIdentity): 1. Save the existing identity @@ -289,7 +288,7 @@ Update the identity using the [updateIdentity API](https://www.ory.sh/docs/refer :::info -The [updateIdentity API](https://www.ory.sh/docs/reference/api#tag/identity/operation/updateIdentity) overwrites the existing identity with the one provided in the request body. Omit any fields that should not be changed, including the `credentials` field. +The [updateIdentity API](../../reference/api#tag/identity/operation/updateIdentity) overwrites the existing identity with the one provided in the request body. Omit any fields that should not be changed, including the `credentials` field. ::: diff --git a/docs/keto/guides/migrating-legacy-policies.mdx b/docs/keto/guides/migrating-legacy-policies.mdx index abde4eacd..bab0d9184 100644 --- a/docs/keto/guides/migrating-legacy-policies.mdx +++ b/docs/keto/guides/migrating-legacy-policies.mdx @@ -3,10 +3,8 @@ id: migrating-legacy-policies title: Migrating policies from 0.5 to 0.6 --- -0.6 release makes Ory Access Control Policy DSL modeled after AWS IAM Policies obsolete. This guide will help you to rewrite your -policies in to [relation-tuples](https://www.ory.sh/docs/keto/concepts/relation-tuples). You can read -[The Evolution of Ory Keto: A Global Scale Authorization System](https://www.ory.sh/keto-zanzibar-evolution/) blogpost to -understand a benefits of 0.6 release +The 0.6 release of Ory Keto makes Ory Access Control Policy DSL modeled after AWS IAM Policies obsolete. This guide will help you +to rewrite your policies in to [relation-tuples](../concepts/relation-tuples). ## Legacy rules example @@ -24,8 +22,8 @@ The policy below allows `Alice` and `Bob` to create/read/modify/delete `blog_pos ## Rewriting it to relationships -According to the example above we need to create required [namespace](https://www.ory.sh/docs/keto/concepts/namespaces) and -[relationship](https://www.ory.sh/docs/keto/concepts/relation-tuples) +According to the example above we need to create required [namespace](../concepts/namespaces) and +[relationship](../concepts/relation-tuples). General mapping from old to new policies @@ -35,7 +33,7 @@ General mapping from old to new policies - Effect -> Became obsolete or can be considered as Relations We need to have `blog_posts` namespace for our example. Let's add the following content to `keto.yml` configuration file. You can -find a good template [here](https://www.ory.sh/docs/keto/reference/configuration). +find a template in the configuration overview [here](../reference/configuration). ```yaml namespaces: @@ -99,8 +97,6 @@ keto relation-tuple parse alice_policies --format json | \ || echo "Encountered error" ``` -Bob - ```bash keto relation-tuple parse bob_policies --format json | \ keto relation-tuple create - >/dev/null \ @@ -108,8 +104,8 @@ keto relation-tuple parse bob_policies --format json | \ || echo "Encountered error" ``` -Now, we can use the [check-API](https://www.ory.sh/docs/keto/guides/simple-access-check-guide) to verify that `alice` is allowed -to `read` the `my-first-blog-post`: +Now we can use the [check-API](../guides/simple-access-check-guide) to verify that `alice` is allowed to `read` the +`my-first-blog-post`: ```sh keto check alice read blog_posts my-first-blog-post @@ -132,5 +128,5 @@ Denied ## Next steps -- [Check whether a User has Access to Something](https://www.ory.sh/docs/keto/guides/simple-access-check-guide) -- [List API: Display all Objects a User has Access to](https://www.ory.sh/docs/keto/guides/list-api-display-objects) +- [Check whether a user has access to something](../guides/simple-access-check-guide) +- [List API: Display all objects a user has access to](../guides/list-api-display-objects) diff --git a/docs/keto/self-hosted/05_go.mdx b/docs/keto/self-hosted/05_go.mdx index d4bc9bb94..33886488e 100644 --- a/docs/keto/self-hosted/05_go.mdx +++ b/docs/keto/self-hosted/05_go.mdx @@ -18,8 +18,8 @@ You can find more examples of SDK usage in the auto-generated documentation Ory Keto exposes two APIs for integration -- [gRPC](http://ory.sh/docs/keto/reference/proto-api) -- [REST](http://ory.sh/docs/keto/reference/rest-api) +- [gRPC](../reference/proto-api) +- [REST](../reference/rest-api) ## Installation @@ -58,7 +58,7 @@ class Blog implements Namespace { ``` If you want to learn more about creating permission rules read the -[Create a permission model](https://www.ory.sh/docs/keto/modeling/create-permission-model) guide. +[Create a permission model](../modeling/create-permission-model) guide. ### CreateRelationship and CheckPermission diff --git a/docs/kratos/guides/zero-trust-iap-proxy-identity-access-proxy.mdx b/docs/kratos/guides/zero-trust-iap-proxy-identity-access-proxy.mdx index 77c1fc2b3..ab77b555b 100644 --- a/docs/kratos/guides/zero-trust-iap-proxy-identity-access-proxy.mdx +++ b/docs/kratos/guides/zero-trust-iap-proxy-identity-access-proxy.mdx @@ -11,18 +11,18 @@ Kratos. Systems that have more than one component often use reverse proxies such as Nginx, Envoy, or Kong to route and authorize traffic to applications. Ory Kratos works very well in such environments. The purpose of this guide is to clarify how to use an IAP -(Identity and Access Proxy) to authorize incoming requests. In this tutorial we will be using -[Ory Oathkeeper](https://github.com/ory/oathkeeper) to achieve this. +(Identity and Access Proxy) to authorize incoming requests. In this tutorial we will be using [Ory Oathkeeper](../../oathkeeper) +to achieve this. This guide expects that you have familiarized yourself with Ory Kratos' concepts introduced in the [Quickstart](../quickstart.mdx). -To ensure that no one can access the dashboard without prior authentication, we are making use of our reverse proxy -([Ory Oathkeeper](https://github.com/ory/oathkeeper)) denying all unauthenticated traffic to `http://secure-app/dashboard` and -redirecting the user to the login page at `http://secure-app/auth/login`. Further, we will configure access to -`http://secure-app/auth/login` in such a way that access only works if one isn't yet authenticated. +To ensure that no one can access the dashboard without prior authentication, we are making use of our Ory Oathkeeper as reverse +proxy denying all unauthenticated traffic to `http://secure-app/dashboard` and redirecting the user to the login page at +`http://secure-app/auth/login`. Further, we will configure access to `http://secure-app/auth/login` in such a way that access only +works if one isn't yet authenticated. -## Running Ory Kratos and the Ory Oathkeeper identity and access proxy +## Run Ory Kratos and the Ory Oathkeeper identity and access proxy Clone the Ory Kratos repository and fetch the latest images: @@ -192,7 +192,7 @@ We define several configuration options for Ory Oathkeeper such as the port for #### Cookie Session Authenticator -The [Cookie Session Authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#cookie_session) is enabled and points to +The [Cookie Session Authenticator](../../oathkeeper/pipeline/authn#cookie_session) is enabled and points to [Ory Kratos' `/sessions/whoami` API](../reference/api). It uses the `ory_kratos_session` cookie to identify if a request contains a session or not: @@ -215,8 +215,8 @@ It's doing what the `needsLogin` function did in the [Quickstart](../quickstart. #### Anonymous Authenticator -The [Anonymous Authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#anonymous) is useful for endpoints that don't need -login, such as the registration screen: +The [Anonymous Authenticator](../../oathkeeper/pipeline/authn#anonymous) is useful for endpoints that don't need login, such as +the registration screen: ```yaml title="contrib/quickstart/oathkeeper/oathkeeper.yml" # ... @@ -230,9 +230,8 @@ authenticators: #### Allowed Authorizer -The [Allowed Authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authz#allowed) simply allows all users to access the URL. -Since we don't have Role-based access control (RBAC) or an Access Control list (ACL) in place for this example, this will be -enough. +The [Allowed Authenticator](../../oathkeeper/pipeline/authz#allowed) simply allows all users to access the URL. Since we don't +have Role-based access control (RBAC) or an Access Control list (ACL) in place for this example, this will be enough. ```yaml title="contrib/quickstart/oathkeeper/oathkeeper.yml" # ... @@ -244,8 +243,8 @@ authorizers: ### ID Token Mutator -The [ID Token Mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#id_token) takes all the available session information -and puts it into a JSON Web Token (JWT). The protected `SecureApp` will now receive +The [ID Token Mutator](../../oathkeeper/pipeline/mutator#id_token) takes all the available session information and puts it into a +JSON Web Token (JWT). The protected `SecureApp` will now receive `Authorization: bearer ` @@ -259,8 +258,8 @@ The JWT is signed using a RS256 key. To verify the JWT we can use the public key You can generate the RS256 key yourself by running `oathkeeper credentials generate --alg RS256 > id_token.jwks.json`. -We also enabled the [NoOp Mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#) for the various other endpoints such as -login and registration: +We also enabled the [NoOp Mutator](../../oathkeeper/pipeline/mutator#) for the various other endpoints such as login and +registration: ```yaml title="contrib/quickstart/oathkeeper/oathkeeper.yml" mutators: @@ -278,9 +277,8 @@ mutators: } ``` -You could obviously also use other mutators such as the -[Header Mutator](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#header) and use headers such as `X-User-ID` instead of the -JWT. +You could obviously also use other mutators such as the [Header Mutator](../../oathkeeper/pipeline/mutator#header) and use headers +such as `X-User-ID` instead of the JWT. ### Error Handling diff --git a/docs/kratos/manage-identities/25_import-user-accounts-identities.mdx b/docs/kratos/manage-identities/25_import-user-accounts-identities.mdx index 361933956..e27265af2 100644 --- a/docs/kratos/manage-identities/25_import-user-accounts-identities.mdx +++ b/docs/kratos/manage-identities/25_import-user-accounts-identities.mdx @@ -727,11 +727,11 @@ When importing SAML or OIDC connections that are only available for certain [org ## Bulk import identities from other providers To import multiple identities into Ory Identities, use the -[Identity Import API](https://www.ory.sh/docs/reference/api#tag/identity/operation/batchPatchIdentities). +[Identity Import API](../reference/api#tag/identity/operation/batchPatchIdentities). The Identity Import API enforces limits which are documented in the -[API reference](https://www.ory.sh/docs/reference/api#tag/identity/operation/batchPatchIdentities). If you need to import more -identities, split the import into multiple requests. +[API reference](../reference/api#tag/identity/operation/batchPatchIdentities). If you need to import more identities, split the +import into multiple requests. The endpoint accepts a JSON array of identities, each of which must have a `create` property that holds the identity that should be created. Optionally, you can specify a `patch_id` property (which must be a UUID) which will be returned in the response. This diff --git a/docs/kratos/self-hosted/05_go.mdx b/docs/kratos/self-hosted/05_go.mdx index 1ff457803..de60c8f00 100644 --- a/docs/kratos/self-hosted/05_go.mdx +++ b/docs/kratos/self-hosted/05_go.mdx @@ -62,7 +62,7 @@ func main() { ## Use Frontend API -The following code examples show how to use the [FrontendAPI](https://www.ory.sh/docs/kratos/reference/api#tag/frontend). +The following code examples show how to use the [FrontendAPI](../reference/api#tag/frontend). ### toSession @@ -112,8 +112,7 @@ func main() { ## Use Identity Management API -The following code examples show how to use the [IdentityAPI](https://www.ory.sh/docs/kratos/reference/api#tag/identity) requests -need to be authorized. +The following code examples show how to use the [IdentityAPI](../reference/api#tag/identity) requests need to be authorized. ### CreateIdentity and DeleteIdentity diff --git a/docs/kratos/self-service/flows/user-settings.mdx b/docs/kratos/self-service/flows/user-settings.mdx index 00262a22f..354d7c2ff 100644 --- a/docs/kratos/self-service/flows/user-settings.mdx +++ b/docs/kratos/self-service/flows/user-settings.mdx @@ -277,8 +277,8 @@ example) to the configured settings URL. ]}> -Ory Network offers a default UI for all self-service flows. Visit the -[Bring Your Own UI](https://www.ory.sh/docs/kratos/bring-your-own-ui/01_overview.mdx) document for more info on a custom UI. +The Ory Network offers a default UI for all self-service flows. Visit the +[Bring Your Own UI](../../bring-your-own-ui/05_custom-ui-basic-integration.mdx) document for more info on a custom UI. diff --git a/docs/migrate-to-ory/index.mdx b/docs/migrate-to-ory/index.mdx index 34cea493a..9e25b4543 100644 --- a/docs/migrate-to-ory/index.mdx +++ b/docs/migrate-to-ory/index.mdx @@ -31,7 +31,7 @@ Before starting the actual migration you should choose a migration strategy. :::info If you are not sure whether or not you need OAuth2 for your use case, please read the -[When to use OAuth2](https://www.ory.sh/docs/hydra/concepts/before-oauth2) documentation. +[When to use OAuth2](../hydra/concepts/before-oauth2) documentation. ::: @@ -182,8 +182,8 @@ subdomains. This setup allows both your front end and back end to access the authentication session cookies managed by Ory. To begin integrating Ory into your frontend, it's helpful to start with the -["protect a page with login" guides](https://www.ory.sh/docs/getting-started/overview) that cover the basics of developing with -Ory for various programming languages and frameworks, including SDK usage and essential setup steps. +["protect a page with login" guides](../getting-started/overview) that cover the basics of developing with Ory for various +programming languages and frameworks, including SDK usage and essential setup steps. Ory Network has two types of user interfaces. We recommend starting with the built-in [Account Experience](../account-experience/index.mdx), which offers a standard user interface, covering all self-service flows @@ -199,10 +199,10 @@ Ory Elements can be found [here](../kratos/bring-your-own-ui/custom-ui-ory-eleme When the frontend makes an API call to your backend, it will include the necessary cookies. Your backend must then forward these cookies when calling the Ory API to validate the session. For example in a Go backend, you could use a -[middleware](https://www.ory.sh/docs/getting-started/integrate-auth/go#validate-and-login) to intercept API requests and validate -the session by calling Ory’s toSession() method. Ensure that the cookies received from the front end are forwarded in this call. -Since backend calls to Ory’s API won’t automatically include cookies, you must manually attach the relevant cookies to these -requests. This is important for the backend to be able to check the session. +[middleware](../getting-started/integrate-auth/go#validate-and-login) to intercept API requests and validate the session by +calling Ory’s toSession() method. Ensure that the cookies received from the front end are forwarded in this call. Since backend +calls to Ory’s API won’t automatically include cookies, you must manually attach the relevant cookies to these requests. This is +important for the backend to be able to check the session. When using Ory to manage identities, it is best practice to store business logic in your application database and keep only authentication-relevant data in Ory. Here’s a general approach: diff --git a/docs/oathkeeper/guides/websockets.mdx b/docs/oathkeeper/guides/websockets.mdx index a7d6cad7e..225ebfd2f 100644 --- a/docs/oathkeeper/guides/websockets.mdx +++ b/docs/oathkeeper/guides/websockets.mdx @@ -144,10 +144,9 @@ import rules from '!!raw-loader!../../../code-examples/oathkeeper/oathkeeper/acc {rules} ``` -This configuration of Ory Oathkeeper uses the -[cookie authenticator](https://www.ory.sh/docs/oathkeeper/pipeline/authn#cookie_session) against Ory Kratos and proxies only -authenticated requests to `http://ws:8080` upstream. The `ws` hostname is resolved through the Docker network. If you aren't -deploying your application within Docker, this would just be your localhost IP. +This configuration of Ory Oathkeeper uses the [cookie authenticator](../pipeline/authn#cookie_session) against Ory Kratos and +proxies only authenticated requests to `http://ws:8080` upstream. The `ws` hostname is resolved through the Docker network. If you +aren't deploying your application within Docker, this would just be your localhost IP. ## WebSocket service diff --git a/docs/oathkeeper/pipeline/authz.md b/docs/oathkeeper/pipeline/authz.md index c19042b0f..9830c6ab8 100644 --- a/docs/oathkeeper/pipeline/authz.md +++ b/docs/oathkeeper/pipeline/authz.md @@ -131,11 +131,10 @@ authorizer. - `subject` (string, optional) - See section below. - `flavor` (string, optional) - See section below. -#### Resource, relation (action), subject +#### Resource, relation, subject -> Actions were renamed to relations. Read the -> [Ory Keto policy migration guide](https://www.ory.sh/docs/keto/guides/migrating-legacy-policies#rewriting-it-to-relationships) -> for more details. +Actions were renamed to relations. Read the +[Ory Keto policy migration guide](../../keto/guides/migrating-legacy-policies#rewriting-it-to-relationships) for more details. This authorizer has four configuration options, `required_action`, `required_resource`, `subject`, and `flavor`: diff --git a/docs/oauth2-oidc/index.md b/docs/oauth2-oidc/index.md index 6332866c7..ed07dc8d3 100644 --- a/docs/oauth2-oidc/index.md +++ b/docs/oauth2-oidc/index.md @@ -87,6 +87,6 @@ Ory OAuth2 and OpenID Connect can be used for a wide range of use cases, includi ## Next steps -See [Ory Network OAuth2 quickstart guide](https://www.ory.sh/docs/getting-started/ory-network-oauth2) to learn how to set up your -own OAuth2 and OpenID Connect provider in just a few minutes. The guide walks you through the process of setting up Ory OAuth2 and -OpenID Connect and configuring a sample application to use the service. +See [Ory Network OAuth2 quickstart guide](../getting-started/ory-network-oauth2) to learn how to set up your own OAuth2 and OpenID +Connect provider in just a few minutes. The guide walks you through the process of setting up Ory OAuth2 and OpenID Connect and +configuring a sample application to use the service. diff --git a/docs/oauth2-oidc/jwt-access-token.mdx b/docs/oauth2-oidc/jwt-access-token.mdx index 3944bb146..dcece1c7f 100644 --- a/docs/oauth2-oidc/jwt-access-token.mdx +++ b/docs/oauth2-oidc/jwt-access-token.mdx @@ -130,9 +130,8 @@ interact with. If you're looking to interact with the default keys used by Ory, You can use these `set-id` values with the JWK endpoints to retrieve, rotate, or otherwise manage these default key sets. For example, to retrieve the OpenID Connect ID Token key set, you would use the `GET /admin/keys/{set}` endpoint with `hydra.openid.id-token` as the `{set}` parameter. This information is particularly useful when rotating keys, as described in the -[documentation on key rotation](https://www.ory.sh/docs/hydra/self-hosted/secrets-key-rotation). Remember, these are the default -key sets used by Ory. If you've configured Ory to use different key sets, you'll need to use the `set-id` values corresponding to -your custom key sets. +[documentation on key rotation](../hydra/self-hosted/secrets-key-rotation). Remember, these are the default key sets used by Ory. +If you've configured Ory to use different key sets, you'll need to use the `set-id` values corresponding to your custom key sets. ## Custom consent UI and custom claims for (JWT) access token