Ory takes a fundamentally different approach to identity by decomposing authentication and authorization into independent, composable microservices rather than providing a monolithic identity server. Kratos handles user identity management including registration, login, account recovery, and profile management through a headless API that teams customize with their own UI. Hydra implements the OAuth 2.0 and OpenID Connect specification as a standalone service that delegates authentication decisions to existing identity systems.

Oathkeeper serves as an identity-aware reverse proxy that authenticates and authorizes incoming API requests based on configurable rules. Keto implements Google's Zanzibar paper for fine-grained relationship-based access control, enabling permission models like those used by Google Drive and GitHub. Each component runs independently with its own database and API, allowing teams to adopt only the pieces they need rather than deploying an entire identity platform.

Ory's adoption by OpenAI and other high-scale organizations validates the architecture for demanding production environments. The entire suite is open-source under Apache 2.0, with Ory Network providing a managed cloud deployment for teams that want the modular architecture without the operational overhead. The Go-based codebase emphasizes performance and small resource footprints, making Ory components suitable for both cloud deployments and edge environments with limited resources.

Ory

Pricing

Platforms

Categories

Tags

Use Cases

Alternatives

Authentik

Keycloak

Comparisons

Ory vs Auth0 — Modular Open-Source Identity Suite vs Managed Authentication Platform