ORY Kratos is the first and only cloud native Identity and User Management system in the world. The days when you would implement a User Login for the 10th time are finally over! ORY Kratos includes:
- user login and registration using a variety of configurable authentication mechanisms: Username/Email + Password, Social Sign In ("Sign in with GitHub, Google, ..."), Passwordless and others.
- multi-factor authentication supporting a wide range of protocols such as Google Authenticator (formalized as IETF RFC 6238 and IETF RFC 4226).
- account verification and account recovery by several means: E-Mail, Recovery Codes, ...
- storing user information in a way that does not enforce our data model on you, but allows you to define what data certain users may store using JSON Schema. If you have more than one identity type, no problem: every identity can have its own JSON Schema, even versioned!
- a workflow engine to decide what happens after, for example, a user signs up (redirect somewhere? require activation before login? issue session right away?) as well as to notify other systems on certain actions (create a Stripe account after sign up, synchronize with newsletter, ...).
- ... and of course many more features that would blow the scope of this introduction.
ORY Kratos is not yet released and is undergoing continuous and active development. The core feature set is done, but several more steps are required before version 0.0.1 can be released. To find out the current progress, planned features for each milestone, and more information, please head over to milestones.
This section is a work in progress.
- There is no templating as with other full-stack solutions. You implement a "login, registration, ... UI" which interacts with ORY Kratos. Want Progressive Registration? No problem. Just need a username on sign up? Sure! How about your favorite pet name as a required sign up field? Of course!
- While other solutions support an API-driven approach, they leave you with the burden of making things secure (e.g. CSRF Tokens), storing state, and so on. In ORY Kratos, all of this is done for you using - among others - HTTP Redirection.
- ORY Kratos does not need OAuth2 and OpenID Connect. We know that big players in the market have tried selling you OAuth2 and OpenID Connect for years as "the most secure" and "very easy to use" protocol. Fact is, OAuth2 and OpenID Connect are not designed for first-party use ("I just want people to be able to log into my mobile app"). ORY Kratos makes integration a one-minute process using an HTTP Reverse Proxy. Include links to docs here. If you want OAuth2 (you want to become the new "Sign in with Google" provider), we have ORY Hydra that integrates natively with ORY Kratos!
- You decide what happens after sign up and login (each customizable on its own): Redirect the user to a certain page? Create a Stripe account? Require account activation via email before being allowed to sign in?
Our services collect summarized, anonymized data that can optionally be turned off. Click here to learn more.
The Guide is available here.
HTTP API documentation
The HTTP API is documented here.
Upgrading and Changelog
Command line documentation
kratos -h or