Ory
Open Source, API
www.ory.sh
Last updated: April 2026
Ory is an open source identity infrastructure platform providing authentication, authorization, and user management APIs built on zero-trust principles.
About
Ory is an open source identity infrastructure company that provides a suite of modular, cloud-native identity and access management components built for developers. Designed with zero-trust principles and modern cloud architecture in mind, Ory's projects cover authentication (Ory Kratos), authorization (Ory Keto), OAuth2/OIDC (Ory Hydra), API access control (Ory Oathkeeper), and network security (Ory Network), providing a complete identity stack that can be deployed self-hosted or consumed as a managed service.
Ory Kratos is the open source identity and user management server. It handles user registration, login, account recovery, email verification, two-factor authentication, and social sign-in. Unlike traditional auth systems that bundle identity management with business logic, Kratos focuses exclusively on managing identities and delegates UI rendering to the application. The headless design means that the login and registration interfaces are entirely custom-built by the application, with Kratos providing only the backend logic and flow management.
Ory Hydra is a fully standards-compliant OAuth 2.0 and OpenID Connect server that can be integrated into any existing authentication system. Rather than replacing the organization's existing login system, Hydra acts as the OAuth2/OIDC layer that handles token issuance, refresh, and revocation, delegating the actual user authentication to the existing system through a custom login and consent flow.
Ory Keto is the open source permissions and authorization server implementing Google's Zanzibar authorization model. Zanzibar is the system that powers Google Drive's fine-grained sharing permissions, and Keto brings this powerful, scalable authorization model to any application. Permissions are expressed as relationship tuples that define which subjects have which relations to which objects, enabling both simple role-based and complex relationship-based access control.
Ory Oathkeeper is a zero-trust identity and access proxy that sits in front of services and applies authentication and authorization checks to every incoming request. It can validate JWTs, call upstream authorization services, and reject unauthorized requests before they reach the application, implementing zero-trust network access at the infrastructure layer.
Ory Network is the managed cloud offering for all Ory projects with global edge deployment, commercial SLAs, and enterprise support.
Positioning
Ory provides open source identity infrastructure that gives developers complete control over authentication, authorization, and user management. Its modular architecture—comprising Kratos (identity), Hydra (OAuth2), Keto (permissions), and Oathkeeper (API gateway)—lets teams adopt exactly the components they need rather than committing to a monolithic identity platform.
What distinguishes Ory from identity-as-a-service providers is its headless, API-first design. There are no pre-built login pages or embedded widgets—developers build their own UI and call Ory’s APIs, resulting in authentication flows that are indistinguishable from the rest of the application. This approach, combined with full open source availability, makes Ory the choice for organizations that need complete control over their identity stack without building it from scratch.
What You Get
- Ory Kratos
Cloud-native identity management with registration, login, account recovery, MFA, and profile management through a headless API
- Ory Hydra
OpenID Connect certified OAuth2 server that integrates with any existing identity system for standards-compliant token issuance
- Ory Keto
Authorization server implementing Google Zanzibar-style relationship-based access control for fine-grained permissions at scale
- Ory Oathkeeper
Identity-aware API gateway that authenticates and authorizes incoming requests before they reach backend services
- Ory Network
Managed cloud service running the full Ory stack with global edge deployment, eliminating the operational burden of self-hosting
Core Areas
Identity Management
Headless, API-first identity system for registration, login, MFA, account recovery, and profile management with custom identity schemas
OAuth2 and OpenID Connect
Certified OAuth2 and OIDC provider that can be integrated with any existing user database or identity system for standards-compliant SSO
Fine-Grained Authorization
Google Zanzibar-inspired permission system that models complex relationship-based access control with global consistency and low latency
API Security
Identity-aware reverse proxy that validates tokens, checks permissions, and transforms requests before forwarding to upstream services
Why It Matters
Identity is one of the most security-critical components of any application, yet most identity solutions force developers to choose between control and convenience. Managed auth services offer quick setup but limit customization, while building from scratch is prohibitively expensive and risky. Ory provides the third option: battle-tested, security-audited identity components that developers assemble and customize to their exact requirements.
Ory’s open source model is particularly important for identity infrastructure because it enables security auditing by anyone, eliminates vendor lock-in for the most critical part of your stack, and allows deployment in any environment including air-gapped networks. With millions of Docker pulls and adoption by companies like Sainsbury’s and Raspberry Pi, Ory has proven that open source identity can be both developer-friendly and enterprise-grade.
Related
Teleport
Teleport is an open source identity-aware infrastructure access platform for SSH, Kubernetes, databases, and web apps with zero-trust and audit logging.
StrongDM
StrongDM is a zero-trust access management platform that provides secure, audited access to databases, servers, Kubernetes, and web applications.
Zitadel
Zitadel is an open source cloud-native identity and access management platform with SSO, MFA, and multi-tenancy for B2B and B2C applications.