You will never build user login, signup / registration, profile management, social sign in, MFA, ... yourself again. The most advanced, secure, customizable Identity Provider ever. Written in Go and for the cloud. Runs on Linux, macOS, Windows, Docker, Kubernetes, and your Raspberry Pi.
aeneasr Replace DBAL layer with gobuffalo/pop (#130)
This is a major refactoring of the internal DBAL. After a successful proof of concept and evaluation of gobuffalo/pop, we believe this to be the best DBAL for Go at the moment. It abstracts a lot of boilerplate code away.

As with all sophisticated DBALs, pop too has its quirks. There are several issues that have been discovered during testing and adoption: gobuffalo/pop#136 gobuffalo/pop#476 gobuffalo/pop#473 gobuffalo/pop#469 gobuffalo/pop#466

However, the upside of moving much of the hard database/sql plumbing into another library cleans up the code base significantly and reduces complexity.

As part of this change, the "ephemeral" DBAL ("in memory") will be removed and sqlite will be used instead. This further reduces complexity of the code base and code-duplication.

To support sqlite, CGO is required, which means that we need to run tests with `go test -tags sqlite` on a machine that has g++ installed. This also means that we need a Docker Image with `alpine` as opposed to pure `scratch`. While this is certainly a downside, the upside of less maintenance and "free" support for SQLite, PostgreSQL, MySQL, and CockroachDB simply outweighs any downsides that come with CGO.
Latest commit 21d08b8 Dec 1, 2019
Type Name Latest commit message Commit time
.circleci Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
.github docs: Updates issue and pull request templates (#59) Aug 5, 2019
.releaser Rebrand ORY Hive to ORY Kratos (#111) Nov 6, 2019
cmd Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
contrib Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
docs Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
driver Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
identity Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
internal Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
notify Implement identity management, login, and registration (#22) Nov 4, 2019
persistence Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
schema ss: Add profile management and refactor internals Dec 1, 2019
scripts Implement identity management, login, and registration (#22) Nov 4, 2019
sdk/go/kratos Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
selfservice Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
session Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
stub ss: Add profile management and refactor internals Dec 1, 2019
verify Rebrand ORY Hive to ORY Kratos (#111) Nov 6, 2019
x Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
.dockerignore Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
.gitignore Rebrand ORY Hive to ORY Kratos (#111) Nov 6, 2019
.golangci.yml Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
CONTRIBUTING.md Rebrand ORY Hive to ORY Kratos (#111) Nov 6, 2019
Dockerfile Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
LICENSE Rebrand ORY Hive to ORY Kratos (#111) Nov 6, 2019
Makefile Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
README.md Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
SECURITY.md docs: Updates issue and pull request templates (#8) May 23, 2019
go.mod Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
go.sum Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
main.go Rebrand ORY Hive to ORY Kratos (#111) Nov 6, 2019
swagger_meta.go Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
swagger_types_global.go Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019
swagger_types_overrides.go Replace DBAL layer with gobuffalo/pop (#130) Dec 1, 2019

README.md

ORY Kratos


ORY Kratos is the first and only cloud native Identity and User Management system in the world. The days where you would implement a User Login for the 10th time are finally over! ORY Kratos includes:

  • user login and registration using a variety of configurable authentication mechanisms: Username/Email + Password, Social Sign In ("Sign in with GitHub, Google, ..."), Passwordless and others.
  • multi-factor authentication supporting a wide range of protocols such as Google Authenticator (formalized as RFC 6238 and IETF RFC 4226).
  • account verification and account recovery by several means: E-Mail, Recovery Codes, ...
  • storing user information in a way that does not enforce our data model on you, but allows you to define what data certain users may store using JSON Schema. If you have more than one identity type, no problem: every identity can have its own JSON Schema, even versioned!
  • headless UI - instead of learning our custom (and probably not that great) template engine, just bring your own! ORY Kratos is all APIs and you can write your UI in the language (JavaScript, Node, Java, PHP, ...) and framework (React, Vue, Angular, ...) you like! Check out our reference UI implementation - it's below 100 lines of code!
  • a workflow engine to decide what happens after, for example, a user signs up (redirect somewhere? require activation before login? issue session right away?) as well as to notify other systems on certain actions (create a Stripe account after sign up, synchronize with newsletter, ...).
  • ... and of course many more features that would blow the scope of this introduction.

Timeline

ORY Kratos is not yet released and is undergoing continuous and active development. The core feature set is done but several more steps are required before version 0.0.1 can be released. To find out the current progress, planned features for each milestone, and more information, please head over to milestones.

What's different?

This section is a work in progress.

  • There is no templating as with other full-stack solutions. You implement a "login, registration, ... UI" which interacts with ORY Kratos. Want Progressive Registration? No problem. Just need a username on sign up? Sure! How about your favorite pet name as a required sign up field? Of course!
  • While other solutions support an API-driven approach, they leave you with the burden of making things secure (e.g. CSRF Tokens), storing state, and so on. In ORY Kratos, all of this is done for you using - among others - HTTP Redirection.
  • ORY Kratos does not need OAuth2 and OpenID Connect. We know that big players in the market have tried selling you OAuth2 and OpenID Connect for years as "the most secure" and "very easy to use" protocol. Fact is, OAuth2 and OpenID Connect are not designed for first-party use ("I just want people to be able to log into my mobile app"). ORY Kratos makes integration a one-minute process using an HTTP Reverse Proxy. Include links to docs here. If you want OAuth2 (you want to become the new "Sign in with Google" provider), we have ORY Hydra that integrates natively with ORY Kratos!
  • You decide what happens after sign up and login (each customizable on its own): Redirect the user to a certain page? Create a Stripe account? Require account activation via email before being allowed to sign in?

Telemetry

Our services collect summarized, anonymized data that can optionally be turned off. Click here to learn more.

Documentation

Guide

The Guide is available here.

HTTP API documentation

The HTTP API is documented here.

Upgrading and Changelog

New releases might introduce breaking changes. To help you identify and incorporate those changes, we document these changes in UPGRADE.md and CHANGELOG.md.

Command line documentation

Run `kratos -h` or `kratos help`.
