Confused between Ory Hydra and Ory Kratos for creating full-blown idp

Issue

I have a project where I want to build a full-blown IDP (using Golang). So technically, a user wants to SSO into another system using my service. I am looking to build this service from scratch. Upon researching for open-source IDP solutions, I came across ory/Hydra and ory/Kratos. I went through their documentation and did a quick-start tutorial. I am still confused about which of the above 2 libraries are suitable for the development of this service.

From a high-level standpoint, this is what I am trying to do.

  1. There is an existing third-party web app X.
  2. A user has already login credentials for my service Y.
  3. A user wants to post some comments in app X.
  4. He/She is redirected to my service Y login screen if not logged in.
  5. After login, the Callback URL returns him back to app X comment section.

Solution

ory/Kratos is not what you are looking for because it is designed to answer your user management basic needs.

The right tool for you is ory/Hydra. I have copied this from its documentation:

If you want apps and websites you don’t own to use your application as
a potential sign in (e.g. be listed alongside "Sign in with Google",
"Sign in with Apple"), ORY Hydra is the right tool for you.

source: https://www.ory.sh/hydra/docs/concepts/before-oauth2

Answered By – mrasool.mirzaei

Answer Checked By – Gilberto Lyons (GoLangFix Admin)

Leave a Reply

Your email address will not be published.