README
¶
Chat |
Forums |
Newsletter
Guide |
API Docs |
Support us on patreon!
ORY Oathkeeper is an Identity & Access Proxy (IAP) that authorizes HTTP requests based on sets of rules. The BeyondCorp Model is designed by Google and secures applications in Zero-Trust networks. An Identity & Access Proxy is typically deployed in front of (think API Gateway) web-facing applications and is capable of authenticating and optionally authorizing access requests.
ORY Oathkeeper is a reverse proxy which evaluates incoming HTTP requests based on a set of rules that are defined by administartive users. ORY Oathkeeper is thus capable of:
- Identifying the user and providing the user session in form of a JSON Web Token.
- Restricting access to certain resources based on a set of rules (Authorization).
We plan to generalize this software and make it compatible with Authentication and Authorization providers. For now, this proxy integrates best ORY Hydra. Please file an issue if you would like to see your favorite Auth* provider integrated.
This service is under active development and may introduce breaking changes in future releases.
Installation
The easiest way to install ORY Oathkeeper is using the Docker Hub Image:
docker run oryd/oathkeeper:<version> help
Ecosystem
ORY Security Console: Administrative User Interface
The ORY Security Console. connects with your existing ORY Hydra and ORY Oathkeeper isntallation and lets you manage and monitor them through an intuitive UI.
ORY Hydra
ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app.
Security
Disclosing vulnerabilities
If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub and send us an email to hi@ory.am instead.
Telemetry
ORY Oathkeeper collects summarized, anonymized telemetry which can optionally be turned off. Click here to learn more.
Documentation
Guide
The Guide is available here.
HTTP API documentation
The HTTP API is documented here.
Upgrading and Changelog
New releases might introduce breaking changes. To help you identify and incorporate those changes, we document these changes in UPGRADE.md and CHANGELOG.md.
Command line documentation
Run oathkeeper -h or oathkeeper help.
Develop
Developing with ORY Hydra is as easy as:
go get -d -u github.com/ory/oathkeeper
cd $GOPATH/src/github.com/ory/oathkeeper
dep ensure
go test ./...
Then run it with in-memory database:
DATABASE_URL=memory go run main.go serve all
Documentation
¶
Overview ¶
Package main ORY Oathkeeper
ORY Oathkeeper is a reverse proxy that checks the HTTP Authorization for validity against a set of rules. This service uses Hydra to validate access tokens and policies.
Schemes: http, https Host: BasePath: / Version: Latest Contact: ORY <hi@ory.am> https://www.ory.am Consumes: - application/json Produces: - application/json Extensions: --- x-request-id: string x-forwarded-proto: string ---
swagger:meta
Source Files
Directories