ory · vinckr · Jun 2, 2025 · May 30, 2025 · May 30, 2025 · May 30, 2025
@@ -19,8 +19,7 @@ This guide is perfect for you if:
 
 :::info
 
-You can find the code of the sample application [here](https://github.com/ory/kratos-selfservice-ui-react-native). The application
-is also available to download from the [Apple App Store](https://apps.apple.com/pl/app/ory-profile-app/id1536546333).
+You can find the code of the sample application [here](https://github.com/ory/kratos-selfservice-ui-react-native).
 
 :::
 

@@ -6,9 +6,9 @@ sidebar_label: Try it
 
 # Try common OAuth2 Grants
 
-[Ory OAuth2 & OpenID Connect](https://www.ory.sh/federated-identity-management/) (based on
-[Ory Hydra](https://github.com/ory/hydra)) is available in the Ory Network out of the box. This means that you can use OIDC,
-Authorization Code Grant, Client Credentials Grant, and more, without additional configuration.
+[Ory OAuth2 & OpenID Connect](https://www.ory.sh/hydra) (based on [Ory Hydra](https://github.com/ory/hydra)) is available in the
+Ory Network out of the box. This means that you can use OIDC, Authorization Code Grant, Client Credentials Grant, and more,
+without additional configuration.
 
 Following this guide allows you to experience the most commonly used OAuth2 flows and see how they work in Ory Network. The
 examples will take you through the following steps:

@@ -4,7 +4,7 @@ title: Setting up cross-origin resource sharing (CORS)
 ---
 
 Both Ory Hydra's Admin and Public endpoints support CORS. For detailed information, head over to the exemplary
-[config file](https://github.com/ory/hydra/blob/master/docs/config.yaml).
+[config file](https://github.com/ory/hydra/blob/master/.schema/config.schema.json).
 
 For CORS to work properly, we encourage to set the following values:
 

@@ -133,44 +133,8 @@ Public Key Object; RSA 4096 bits
 
 ## Testing with SoftHSM
 
-[SoftHSM](https://www.opendnssec.org/softhsm/) is an implementation of a cryptographic store accessible through a PKCS #11
-interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It's being developed as a part of the
-OpenDNSSEC project.
-
-[Follow these instructions to build SoftHSM from source.](https://wiki.opendnssec.org/display/SoftHSMDOCS/SoftHSM+Documentation+v2)
-
-### Install SoftHSM/OpenSC on Mac OSX
-
-```sh
-ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" 2> /dev/null
-```
-
-```sh
-brew install softhsm
-```
-
-```sh
-ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" 2> /dev/null
-```
-
-```sh
-brew install opensc
-```
-
-### Install SoftHSM/OpenSC on Ubuntu
-
-```sh
-sudo apt update
-```
-
-```sh
-sudo apt install softhsm opensc
-```
-
-### Install SoftHSM/OpenSC on Windows
-
-Follow these instructions to install [SoftHSM](https://github.com/disig/SoftHSM2-for-Windows) and
-[OpenSC](https://github.com/OpenSC/OpenSC/wiki) on windows.
+[SoftHSM](https://www.softhsm.org/) is an implementation of a cryptographic store accessible through a PKCS #11 interface. You can
+use it to explore PKCS#11 without having a Hardware Security Module. It's being developed as a part of the OpenDNSSEC project.
 
 ### Run Ory Hydra with HSM using Docker
 

@@ -389,48 +389,3 @@ local claims = std.extVar('claims');
   },
 }
 ```
-
-### SAML via BoxyHQ
-
-:::note
-
-Previously a third party integration provided SAML SSO in Ory Network. The third party BoxyHQ integration is still supported for
-backwards compatibility, but the native SAML support in Ory Network is recommended for new projects. Please contact us
-[Ory Support](mailto:support@ory.sh) for any questions.
-
-:::
-
-#### Prerequisites
-
-Before proceeding, ensure you have the following:
-
-- Access to [Ory Network](https://console.ory.sh/)
-- An active account with [BoxyHQ](https://app.eu.boxyhq.com/auth/join)
-- [Ory CLI](../../guides/cli/installation)
-
-#### Configuration
-
-To set up the integration, you'll need to get your Ory Network session token:
-
-- [Install the Ory CLI](../../guides/cli/installation) on your system.
-- Run `ory auth` to sign into your Ory Network account.
-- Locate the session token in the `.ory-cloud.json` file in your home folder. This token starts with the prefix `ory_st`. You can
-  use `cat ~/.ory-cloud.json | grep 'ory_st'` to find it.
-
-You'll also need your Ory Project ID. You can find this in your
-[Ory Network settings](https://console.ory.sh/projects/current/settings).
-
-Next, you'll configure the session token and Project ID in BoxyHQ.
-
-Follow these steps:
-
-- Log into your [BoxyHQ account](https://app.boxyhq.com/).
-- Create a new Product if you haven't already.
-- Navigate to Settings > Ory Integration.
-- Paste your session token and Project ID into the respective input fields and save the configuration.
-
-Once configured, the integration between BoxyHQ and Ory Network will automatically set up a new Organization and a generic OIDC
-connection whenever you create a new SSO connection on BoxyHQ. All user management will then flow through Ory Network.
-
-To verify the integration, navigate to your Ory Account Experience UI and enter an email associated with the domain you
-configured. If successful, the "Sign in with SSO" button should appear.
@@ -39,10 +39,9 @@ Follow these steps to add Twitch as a social sign-in provider to your project us
 
    :::info
 
-   [Twitch provides an OIDC discovery URL](https://accounts.Twitch.com/.well-known/openid-configuration), but it doesn't support
-   the `openid` claim and returns an `access_token` only. Ory sends requests to
-   [Twitch's /me API](https://developer.Twitch.com/documentation/web-api/reference/#/operations/get-current-users-profile) and
-   adds the user info to `std.extVar('claims')`.
+   [Twitch provides an OIDC discovery URL](https://id.twitch.tv/oauth2/.well-known/openid-configuration), but it doesn't support
+   the `openid` claim and returns an `access_token` only. Ory sends requests to Twitch's /me API and adds the user info to
+   `std.extVar('claims')`.
 
    :::
 

@@ -8,7 +8,7 @@ sidebar_label: Yandex
 
 Follow these steps to add Yandex as a social sign-in provider to your project using the Ory CLI:
 
-1. [Create a Yandex OAuth2 Application](https://yandex.com/dev/oauth/doc/dg/tasks/register-client.html).
+1. [Create a Yandex OAuth2 Application](https://yandex.com/dev/id/doc/en/register-client).
 2. In the created app, set the redirect URI to:
 
    ```shell
@@ -33,9 +33,8 @@ Follow these steps to add Yandex as a social sign-in provider to your project us
 
    :::info
 
-   [Yandex](https://yandex.com/dev/oauth/doc/dg/concepts/about.html) returns an `access_token` but doesn't return an `id_token`.
-   Ory sends requests to [Yandex's API](https://yandex.com/dev/passport/doc/dg/reference/request.html) and adds the user info to
-   `std.extVar('claims')`.
+   [Yandex](https://yandex.com/dev/id/doc/en/) returns an `access_token` but doesn't return an `id_token`. Ory sends requests to
+   Yandex's API and adds the user info to `std.extVar('claims')`.
 
    :::
 

@@ -15,8 +15,8 @@ While Ory Oathkeeper works well with Ory OAuth2 & OpenID Connect (Ory Hydra) and
 and alongside other stacks with adjacent problem domains (Keycloak, Gluu, Vault). Ory Oathkeeper's Access Control Decision API
 works with
 
-- [Ambassador](https://github.com/datawire/ambassador) via
-  [auth service](https://www.getambassador.io/reference/services/auth-service)
+- [Emissary-ingress](https://github.com/emissary-ingress/emissary) via
+  [auth service](https://www.getambassador.io/docs/edge-stack/latest/topics/running/services/auth-service)
 - [Envoy](https://www.envoyproxy.io) via the
   [External Authorization HTTP Filter](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ext_authz_filter.html)
 - AWS API Gateway via

@@ -10,7 +10,7 @@ Generator. This document standardizes Ory's V1 API contract.
 
 Ory has an established API and SDK generation system consisting of four parts:
 
-1. Extraction of code comments from Go Code using [Go Swagger](https://goswagger.io/generate/spec.html)
+1. Extraction of code comments from Go Code using [Go Swagger](https://goswagger.io/go-swagger/generate-spec/)
    ([example](https://github.com/ory/kratos/blob/bd4af9ab9f872b5dacf6e7abaf2cad5ffc83ddd6/Makefile#L89-L93));
 2. Conversion of Swagger 2.0 to OpenAPI Spec 3.0 and applying JsonPatch documents to improve the OpenAPI 3.0 file
    ([example](https://github.com/ory/kratos/blob/bd4af9ab9f872b5dacf6e7abaf2cad5ffc83ddd6/Makefile#L96-L109));
@@ -53,7 +53,7 @@ This section discusses how Ory uses OpenAPI 3.0.
 ### Routes
 
 Routes are the functions of an RPC infrastructure and are annotated using
-[`swagger:route`](https://goswagger.io/use/spec/route.html):
+[`swagger:route`](https://goswagger.io/go-swagger/reference/annotations/route/):
 
 ```go
 // swagger:route [method] [path pattern] [?tag1 tag2 tag3] [operation id]

@@ -9,7 +9,7 @@ Ory Polis container images are signed and can be verified using [cosign](https:/
 ## Fetching public key
 
 You can use [oras](https://oras.land) (or a similar OCI artifacts tool) to fetch the public key or download it from the website
-[here](https://ory.sh/.well-known/cosign.pub).
+[here](https://boxyhq.com/.well-known/cosign.pub).
 
 ```bash
 oras pull ghcr.io/boxyhq/cosign.pub:latest

@@ -164,7 +164,7 @@ To learn how to use Session to JWT, read the [Session to JWT documentation](./id
 ## Can I use OAuth 2.0 / OpenID Connect?
 
 Ory is fully compliant with OAuth 2.0 and OpenID Connect. If you are interested to use OAuth 2.0 / OpenID Connect for advanced use
-cases, check out [Ory OAuth 2.0 and OpenID](https://www.ory.sh/federated-identity-management/) documentation.
+cases, check out [Ory OAuth 2.0 and OpenID](https://www.ory.sh/hydra) documentation.
 
 :::tip
 
@@ -175,13 +175,13 @@ for you.
 :::
 
 At Ory, we believe that OAuth 2.0 and OpenID Connect isn't a one-size-fits-all solution. In fact, we think that you probably don't
-need to use such complicated protocols at all! We recommend using
-[Ory OAuth2 & OpenID](https://www.ory.sh/federated-identity-management/) for targeted use cases only, such as providing
-third-party integration with your application (for example, in the form of the familiar "Sign in with [PROVIDER_NAME]" button).
+need to use such complicated protocols at all! We recommend using [Ory OAuth2 & OpenID](https://www.ory.sh/hydra) for targeted use
+cases only, such as providing third-party integration with your application (for example, in the form of the familiar "Sign in
+with [PROVIDER_NAME]" button).
 
 ## What about access tokens / refresh tokens?
 
-You can generate access and refresh tokens using [Ory OAuth2 & OpenID](https://www.ory.sh/federated-identity-management/). We do
-not recommend using access and refresh tokens for session management! Visit
+You can generate access and refresh tokens using [Ory OAuth2 & OpenID](https://www.ory.sh/hydra). We do not recommend using access
+and refresh tokens for session management! Visit
 [ Why you probably do not need OAuth2 / OpenID Connect](https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/)
 to read more about it.
@@ -236,7 +236,7 @@ export default function ConfigMarkdown(props: { src: string; binary: string }) {
       </Admonition>
       <p>
         To find out more about edge cases like setting string array values
-        through environmental variables head to the
+        through environmental variables head to the{" "}
         <a href={"/docs/ecosystem/configuring"}>Configuration</a> section.
       </p>
-Original file line number
+Diff line change
@@ Expand Up / @@ -19,8 +19,7 @@ This guide is perfect for you if: @@
     :::info
-    You can find the code of the sample application [here](https://github.com/ory/kratos-selfservice-ui-react-native). The application
-    is also available to download from the [Apple App Store](https://apps.apple.com/pl/app/ory-profile-app/id1536546333).
+    You can find the code of the sample application [here](https://github.com/ory/kratos-selfservice-ui-react-native).
     :::
@@ Expand Down @@