ory-oathkeeper-sdk0.16.0-beta.4 • Public • Published
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. The BeyondCorp Model is designed by Google and secures applications in Zero-Trust networks.
An Identity & Access Proxy is typically deployed in front of (think API Gateway) web-facing applications and is capable of authenticating and optionally authorizing access requests. The Access Control Decision API can be deployed alongside an existing API Gateway or reverse proxy. ORY Oathkeeper's Access Control Decision API works with:
- Ambassador via auth service.
- Envoy via the External Authorization HTTP Filter
- AWS API Gateway via Custom Authorizers
- Nginx via Authentication Based on Subrequest Result
This service is stable, but under active development and may introduce breaking changes in future releases. Any breaking change will have extensive documentation and upgrade instructions.
Head over to the ORY Developer Documentation to learn how to install ORY Oathkeeper on Linux, macOS, Windows, and Docker and how to build ORY Oathkeeper from source.
ORY Security Console: Administrative User Interface
The ORY Security Console is a visual admin interface for managing ORY Hydra, ORY Oathkeeper, and ORY Keto.
ORY Hydra: OAuth2 & OpenID Connect Server
ORY Hydra ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app.
ORY Keto: Access Control Policies as a Server
ORY Keto is a policy decision point. It uses a set of access control policies, similar to AWS IAM Policies, in order to determine whether a subject (user, application, service, car, ...) is authorized to perform a certain action on a resource.
The ory/examples repository contains numerous examples of setting up this project individually and together with other services from the ORY Ecosystem.
If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub and send us an email to firstname.lastname@example.org instead.
Our services collect summarized, anonymized data which can optionally be turned off. Click here to learn more.
The Guide is available here.
HTTP API documentation
The HTTP API is documented here.
Upgrading and Changelog
Command line documentation
oathkeeper -h or
Developing with ORY Oathkeeper is as easy as:
$ cd ~$ go get -d -u github.com/ory/oathkeeper$ cd $GOPATH/src/github.com/ory/oathkeeper$ export GO111MODULE=on$ go test ./...
Thank you to all our backers! 🙏 [Become a backer]
We would also like to thank (past & current) supporters (in alphabetical order) on Patreon: Alexander Alimovs, Billy, Chancy Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans, TheCrealm
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
A special thanks goes out to Wayne Robinson for supporting this ecosystem with $200 every month since Oktober 2016 on Patreon.
npm i ory-oathkeeper-sdk