From 560d03ad292c438d34953dc2199de9c49bd45561 Mon Sep 17 00:00:00 2001 From: unatasha8 Date: Tue, 23 Jun 2026 22:32:05 -0700 Subject: [PATCH 1/8] docs: rewrites to intro to standardize --- docs/network/getting-started/index.mdx | 256 ++++++++++++----------- docs/network/getting-started/index2.mdx | 125 +++++++++++ docs/oel/getting-started/index.mdx | 229 +++++++++++++++------ docs/oel/getting-started/index2.mdx | 67 ++++++ docs/oss/getting-started/index.mdx | 262 ++++++++++++++---------- docs/oss/getting-started/index2.mdx | 116 +++++++++++ 6 files changed, 759 insertions(+), 296 deletions(-) create mode 100644 docs/network/getting-started/index2.mdx create mode 100644 docs/oel/getting-started/index2.mdx create mode 100644 docs/oss/getting-started/index2.mdx diff --git a/docs/network/getting-started/index.mdx b/docs/network/getting-started/index.mdx index c7b0d351f..d3cb2bcc4 100644 --- a/docs/network/getting-started/index.mdx +++ b/docs/network/getting-started/index.mdx @@ -1,125 +1,139 @@ --- title: Introduction to Ory Network +sidebar_label: Introduction to Ory Network +toc_max_heading_level: 3 +description: Ory Network is the fully managed, cloud-native deployment of Ory — a global, low-latency identity and access management service built on Ory's open source software. --- -Ory is a software infrastructure provider building a global zero-trust network for humans, robots, devices, and software services. -Ory develops open-source software on [GitHub](https://github.com/ory) and publishes open standards such as the -[Ory Permission Language](https://github.com/ory/keto/blob/master/docs/ory_permission_language_spec.md). -[The Ory Network](https://console.ory.com/) uses cloud-native open-source technologies (Kubernetes, Crossplane, Cockroach, Linux, -Ory) and standards (OAuth 2.0/2.1, OpenID Connect, MITREid, WebAuthn, TOTP, FIDO3) to deliver a low-latency, planet-scale -zero-trust infrastructure. Ory combines centuries of open source, security, operational, and industry expertise with a -user-centric and security-first mindset. - -Core infrastructure components of [Ory Network](https://console.ory.com) are open source to foster collaboration, reduce supply -chain risk, broaden access to secure services, and introduce the open standard for internet security. Being open source Ory -improves the safety of everyone: - -- Ory Identities offers a secure and modern central identity management solution with MFA, passwordless, WebAuthn, and more. It's - based on the open-source [Ory Kratos Identity Server](https://github.com/ory/kratos). -- Ory OAuth2 & OpenID Connect implements 15+ IETF and OpenID standards to facilitate single sign-on (SSO), delegation, and API - access authorization. It's based on the open-source [Ory Hydra Federation Server](https://github.com/ory/hydra). -- Ory Permissions is a low-latency, high-performance, relationship-based authorization system that enables fine-grained access - control (incl. RBAC and ABAC models) in any application. It's based on the open-source - [Ory Keto Permission Server](https://github.com/ory/keto), which implements - [Zanzibar: Google’s Consistent, Global Authorization System](https://research.google/pubs/pub48190/). - -Ory develops and maintains many additional open-source projects. From an Ory Zero Trust Identity & Access Proxy -[Ory Oathkeeper](https://github.com/ory/oathkeeper) to developer tooling [Ory Dockertest](https://github.com/ory/dockertest) to -language-specific libraries [Ory Ladon](https://github.com/ory/ladon). Ory has -[170+ open source repositories](https://github.com/orgs/ory/repositories) and over 35.000 GitHub stars. - -Ory secures billions of requests each month, runs in over 50,000 live deployments, and improves hourly. - -## Why Ory is different - -Ory differentiates from other vendors in the following key areas: - -- Ory core services and APIs are developed and licensed under Apache 2.0, allowing you to participate, collaborate, and understand - the inner workings of Ory. -- You can bring your UI, in the programming language of your choosing, with the user experience that you like. -- From designing Identity Schemas using JSON Schema, to webhooks, to advanced configuration options - Ory is the most customizable - platform out there. -- Ory spans the whole authentication and authorization universe with well-designed products and APIs: - - Identity Management with session management & flows for login, registration, recovery, verification, MFA, and more. - - Permission and Role Management. - - Delegation via OAuth2 and OpenID Connect. - - Zero Trust Networking. - - Modern API design with partial support for gRPC. - -## Ory Network - -The Ory Network is the commercial offering of Ory and is built on top of Ory Open Source software. The goal with Ory Network is to -offer a planet-scale, low-latency, resilient, and secure service that's easy to use and set up. - -In short: Ory Network is the most convenient way to run Ory. [Sign up](https://console.ory.com/registration) and create a free -developer project. - -## Components - -Each project in Ory Network is an isolated tenant and uses many components providing functionality, user interfaces, and APIs -around identities, sessions, login, OAuth2, permissions, and more. The core components of projects in Ory Network are -[Ory Open Source servers](https://github.com/ory/). - -### Identities and sessions - -Ory Network incorporates the open-source [Ory Kratos Identity Server](https://www.ory.com/kratos) and offers: - -- Self-service flows are everything users do on their own / without the help of others: -- Registration with passwords, social sign-in, OpenID Connect, passkeys, and more. -- Login with passwords, social sign-in, OpenID Connect, passkeys, and more. -- Updating the profile, email, changing the password, un/linking with social sign-in providers, and more. -- Recovering the account by resetting the password. -- Verifying email addresses, phone numbers, and more. -- Multi-factor authentication flows and recovery processes. -- Administrative identity management to get, create, update, and delete identities and their data. -- Headless APIs and data models allow you to fully customize Identity Schemas - for example adding fields like name, accept ToS, - phone number - and create your login, registration, profile settings, recovery, and verification screen using SDKs and REST - APIs. -- SCIM support for automated user provisioning and deprovisioning with supported identity providers. - -### Permissions and relationships - -Ory Network incorporates the open-source [Ory Keto Permission Server](https://www.ory.com/keto) and offers: - -- Permission management to get, create, update, and delete permissions. -- Permission checking to check if a user has a permission. - -### OAuth2 and OIDC - -Ory Network incorporates the open-source [Ory Hydra OAuth2 & OpenID Server](https://www.ory.com/hydra) and offers: - -- Fully featured OAuth2 & [OpenID Certified](https://openid.net/developers/certified/)® OIDC Provider - -### SAML - -Ory Network incorporates the open-source [Ory Polis](https://www.ory.com/polis) and offers: - -- Enterprise SSO integration with SAML identity providers such as Okta, Azure AD, and Google Workspace. -- Simplified SSO flow by implementing SSO as a standard OAuth 2.0 flow, abstracting away the complexities of SAML. -- Act as a SAML Identity Provider (IdP). - -### Ory Console - -Ory Console is the management UI of Ory Network. - -### Ory Account Experience - -Ory Account Experience implements screens such as login, registration, account recovery, account setting, and account verification -for fast adoption of Ory. - -Ory allows you to implement your own authentication UI by offering simple, headless APIs. Use the open-source -[Ory Elements](https://github.com/ory/elements) components library for fast integration with frameworks like React and Next.js. - -### Ory Actions - -[Ory Actions](../../kratos/hooks/01_configure-hooks.mdx) provide a flexible way to extend the capabilities of the Ory Network by -defining custom business logic, automating system behavior in response to events, and integrating with third-party services such -as CRM platforms, payment gateways, business analytics tools, and integration platforms. - -## Ory Open Source - -Ory is the largest open-source ecosystem in the area of authentication, authorization, access control, and zero-trust networking -in the world. Ory is not another company "greenwashing" with open source by publishing SDKs under open-source licenses. Instead, -all Ory core systems are available as Apache 2.0 licensed software without enterprise or open-core models. - -Head over to the [Ory Open Source Overview](../../oss/open-source.mdx) for an introduction to the different projects. +# Introduction to Ory Network + +Ory Network is the fully managed deployment of Ory: a global, low-latency identity +and access management (IAM) service delivered as SaaS. It runs the same open source +software you can self-host, with hosting, scaling, security patching, and compliance +handled for you — so you can add authentication, authorization, and fine-grained +permissions to any application and get back to building your product. + +[Sign up](https://console.ory.com/registration) to create a free developer project, +or [talk to an expert](https://www.ory.com/contact) about production and enterprise needs. + +## Why Ory Network + +Ory Network gives you Ory's full identity stack without the operational overhead of +running it yourself: + +- **Fully managed infrastructure** — Ory Network operates a global edge network with + multi-region availability, automatic scaling, and high availability. You don't + patch servers, rotate keys, or manage failover. +- **Production-grade security and compliance** — Built-in protection against common + threats, industry-standard cryptography, breached-password detection, and + audit-ready compliance (GDPR, SOC 2, ISO, PCI DSS, and more). +- **Own your user experience** — Bring your own UI in any framework and language, or + start with hosted screens. Ory's APIs are headless, so the login, registration, + and account flows are entirely yours to design. +- **Built on open source** — Every core service in Ory Network is the same Apache 2.0 + licensed software available on [GitHub](https://github.com/ory). There is no + open-core lock-in, and you can move between deployment models without rewriting + your integration. +- **Scale without limits** — Ory Network processes billions of authentication and + authorization requests, with stateless horizontal scaling and smart edge caching + for low latency worldwide. + +## What's included + +Ory Network is composed of Ory's open source servers, managed and integrated for you, +plus the console and tooling that make them fast to adopt. The core services each map to +a focused part of the identity and access problem: identity and sessions, OAuth2 and +OIDC, permissions, enterprise SSO, edge access control, and API key management. Around them, Ory Network adds the layer that gets you to production quickly: + +- **[Ory Console](https://console.ory.com/)** — The web UI for managing projects, + identities, permissions, social sign-in, identity schemas, account emails, and + multi-tenancy. Most configuration that once required code can be done here without a + code editor. +- **[Ory Account Experience](https://www.ory.com/docs/account-experience)** — Prebuilt, + customizable screens for login, registration, recovery, verification, and account + settings, so you can ship auth before building your own UI. +- **[Ory Elements](https://www.ory.com/docs/elements)** — An open source component library + for integrating your own authentication UI quickly with frameworks like React and + Next.js. +- **[Ory Actions](https://www.ory.com/docs/kratos/hooks/configure-hooks)** — Hooks that + extend Ory by running custom business logic and integrating with third-party services + such as CRMs, payment gateways, and analytics platforms in response to identity events. +- **[Ory CLI](https://www.ory.com/docs/cli)** — A command-line tool for configuring and + operating your self-hosted deployment. +- **[SDKs and reference UIs](https://github.com/ory/sdk)** — Client SDKs for popular + languages and reference UI implementations for frameworks like React, Next.js, and + React Native. + +### Ory Kratos (Identity & AuthN) + +Ory Kratos manages identities, credentials, and sessions. It powers self-service flows +for registration, login, account recovery, email and phone verification, profile +settings, and multi-factor authentication. It supports passwords, social sign-in, +OpenID Connect, and passkeys, and it uses customizable JSON Schema identity models (SCIM) so +you control exactly what data each identity holds. SCIM support enables automated user +provisioning and deprovisioning. Learn more in the +[Ory Kratos documentation](https://www.ory.com/docs/network/kratos/intro). + +### Ory Hydra (Delegated AuthZ & Federated AuthN) + +Ory Hydra is a fully featured, [OpenID Certified®](https://openid.net/developers/certified/) +OAuth 2.0 and OpenID Connect provider. It handles single sign-on, API access +authorization, token issuance, and delegation, with support for stateless JWT access +tokens, token exchange, and credential rotation. Learn more in the +[Ory Hydra documentation](https://www.ory.com/docs/network/hydra). + +### Ory Keto (Fine-grained Permissions) + +Ory Keto provides low-latency, relationship-based authorization for fine-grained access +control. It implements Google's Zanzibar model and supports RBAC and ABAC +patterns, letting you define and check permissions across any application. Learn more +in the [Ory Keto documentation](https://www.ory.com/docs/network/keto). + +### Ory Polis (Enterprise SSO AuthZ) + +Ory Polis adds enterprise single sign-on through SAML and OIDC. It connects to identity +providers such as Okta, Microsoft Entra ID, and Google Workspace, supports directory +sync, and can also act as a SAML Identity Provider — abstracting SAML complexity +behind a standard OAuth 2.0 flow. Learn more in the +[Ory Polis documentation](https://www.ory.com/docs/network/polis). + +### Ory Oathkeeper (Proxy-based access control) + +Ory Oathkeeper provides identity and policy-aware access control at the network edge. +It acts as a zero-trust proxy that authenticates and authorizes requests before they reach +your services. Learn more in the +[Ory Oathkeeper documentation](https://www.ory.com/docs/network/oathkeeper). + +### Ory Talos (API keys) + +Ory Talos manages the full lifecycle of API credentials for machine-to-machine and AI agent +access: issuing keys, verifying them, deriving short-lived tokens, and revoking access. +It replaces static, over-privileged API keys with programmable macaroon tokens +that enforce least privilege — permissions can only be narrowed, never widened — and +supports token derivation, IP allowlists, and time-to-live limits. Commercial builds +add multi-tenancy, PostgreSQL, MySQL, and CockroachDB backends, Redis caching, +rate-limit enforcement, and edge proxy nodes. Learn more in the +[Ory Talos documentation](https://www.ory.com/docs/talos). + +## Ory Network compared to the other deployment models + +Ory Network is one of three ways to run Ory. All three share the same open source core, +so you can start with one and move to another as your needs change: + +| | Ory Open Source | Ory Enterprise License | Ory Network | +| --- | --- | --- | --- | +| **Hosting** | Self-hosted | Self-hosted | Fully managed (SaaS) | +| **Who operates the infrastructure** | You | You | Ory | +| **License** | Apache 2.0 | Commercial | Commercial | +| **Management** | CLI | CLI | CLI, GUI (Ory Console), and Terraform | +| **Support** | Community | Dedicated, 24/7 with SLAs | Included with the platform | +| **CVE patching** | Self-managed | Guaranteed timeframes | Handled by Ory | +| **Enterprise features** (e.g. multi-tenancy, ROPC) | Not included | Included | Included | +| **Best for** | Evaluation, prototyping, and full-control self-hosting | Regulated, air-gapped, or high-control production | The fastest path to production with no operational overhead | + +## Next steps + +- [Create a free developer project](https://console.ory.com/registration) +- [Follow a quickstart](../getting-started/overview) +- [Learn which Ory product to use](../products/products-overview#which-ory-product) +- [Migrate an existing user base to Ory Network](../migrate-to-ory/migrate) diff --git a/docs/network/getting-started/index2.mdx b/docs/network/getting-started/index2.mdx new file mode 100644 index 000000000..c7b0d351f --- /dev/null +++ b/docs/network/getting-started/index2.mdx @@ -0,0 +1,125 @@ +--- +title: Introduction to Ory Network +--- + +Ory is a software infrastructure provider building a global zero-trust network for humans, robots, devices, and software services. +Ory develops open-source software on [GitHub](https://github.com/ory) and publishes open standards such as the +[Ory Permission Language](https://github.com/ory/keto/blob/master/docs/ory_permission_language_spec.md). +[The Ory Network](https://console.ory.com/) uses cloud-native open-source technologies (Kubernetes, Crossplane, Cockroach, Linux, +Ory) and standards (OAuth 2.0/2.1, OpenID Connect, MITREid, WebAuthn, TOTP, FIDO3) to deliver a low-latency, planet-scale +zero-trust infrastructure. Ory combines centuries of open source, security, operational, and industry expertise with a +user-centric and security-first mindset. + +Core infrastructure components of [Ory Network](https://console.ory.com) are open source to foster collaboration, reduce supply +chain risk, broaden access to secure services, and introduce the open standard for internet security. Being open source Ory +improves the safety of everyone: + +- Ory Identities offers a secure and modern central identity management solution with MFA, passwordless, WebAuthn, and more. It's + based on the open-source [Ory Kratos Identity Server](https://github.com/ory/kratos). +- Ory OAuth2 & OpenID Connect implements 15+ IETF and OpenID standards to facilitate single sign-on (SSO), delegation, and API + access authorization. It's based on the open-source [Ory Hydra Federation Server](https://github.com/ory/hydra). +- Ory Permissions is a low-latency, high-performance, relationship-based authorization system that enables fine-grained access + control (incl. RBAC and ABAC models) in any application. It's based on the open-source + [Ory Keto Permission Server](https://github.com/ory/keto), which implements + [Zanzibar: Google’s Consistent, Global Authorization System](https://research.google/pubs/pub48190/). + +Ory develops and maintains many additional open-source projects. From an Ory Zero Trust Identity & Access Proxy +[Ory Oathkeeper](https://github.com/ory/oathkeeper) to developer tooling [Ory Dockertest](https://github.com/ory/dockertest) to +language-specific libraries [Ory Ladon](https://github.com/ory/ladon). Ory has +[170+ open source repositories](https://github.com/orgs/ory/repositories) and over 35.000 GitHub stars. + +Ory secures billions of requests each month, runs in over 50,000 live deployments, and improves hourly. + +## Why Ory is different + +Ory differentiates from other vendors in the following key areas: + +- Ory core services and APIs are developed and licensed under Apache 2.0, allowing you to participate, collaborate, and understand + the inner workings of Ory. +- You can bring your UI, in the programming language of your choosing, with the user experience that you like. +- From designing Identity Schemas using JSON Schema, to webhooks, to advanced configuration options - Ory is the most customizable + platform out there. +- Ory spans the whole authentication and authorization universe with well-designed products and APIs: + - Identity Management with session management & flows for login, registration, recovery, verification, MFA, and more. + - Permission and Role Management. + - Delegation via OAuth2 and OpenID Connect. + - Zero Trust Networking. + - Modern API design with partial support for gRPC. + +## Ory Network + +The Ory Network is the commercial offering of Ory and is built on top of Ory Open Source software. The goal with Ory Network is to +offer a planet-scale, low-latency, resilient, and secure service that's easy to use and set up. + +In short: Ory Network is the most convenient way to run Ory. [Sign up](https://console.ory.com/registration) and create a free +developer project. + +## Components + +Each project in Ory Network is an isolated tenant and uses many components providing functionality, user interfaces, and APIs +around identities, sessions, login, OAuth2, permissions, and more. The core components of projects in Ory Network are +[Ory Open Source servers](https://github.com/ory/). + +### Identities and sessions + +Ory Network incorporates the open-source [Ory Kratos Identity Server](https://www.ory.com/kratos) and offers: + +- Self-service flows are everything users do on their own / without the help of others: +- Registration with passwords, social sign-in, OpenID Connect, passkeys, and more. +- Login with passwords, social sign-in, OpenID Connect, passkeys, and more. +- Updating the profile, email, changing the password, un/linking with social sign-in providers, and more. +- Recovering the account by resetting the password. +- Verifying email addresses, phone numbers, and more. +- Multi-factor authentication flows and recovery processes. +- Administrative identity management to get, create, update, and delete identities and their data. +- Headless APIs and data models allow you to fully customize Identity Schemas - for example adding fields like name, accept ToS, + phone number - and create your login, registration, profile settings, recovery, and verification screen using SDKs and REST + APIs. +- SCIM support for automated user provisioning and deprovisioning with supported identity providers. + +### Permissions and relationships + +Ory Network incorporates the open-source [Ory Keto Permission Server](https://www.ory.com/keto) and offers: + +- Permission management to get, create, update, and delete permissions. +- Permission checking to check if a user has a permission. + +### OAuth2 and OIDC + +Ory Network incorporates the open-source [Ory Hydra OAuth2 & OpenID Server](https://www.ory.com/hydra) and offers: + +- Fully featured OAuth2 & [OpenID Certified](https://openid.net/developers/certified/)® OIDC Provider + +### SAML + +Ory Network incorporates the open-source [Ory Polis](https://www.ory.com/polis) and offers: + +- Enterprise SSO integration with SAML identity providers such as Okta, Azure AD, and Google Workspace. +- Simplified SSO flow by implementing SSO as a standard OAuth 2.0 flow, abstracting away the complexities of SAML. +- Act as a SAML Identity Provider (IdP). + +### Ory Console + +Ory Console is the management UI of Ory Network. + +### Ory Account Experience + +Ory Account Experience implements screens such as login, registration, account recovery, account setting, and account verification +for fast adoption of Ory. + +Ory allows you to implement your own authentication UI by offering simple, headless APIs. Use the open-source +[Ory Elements](https://github.com/ory/elements) components library for fast integration with frameworks like React and Next.js. + +### Ory Actions + +[Ory Actions](../../kratos/hooks/01_configure-hooks.mdx) provide a flexible way to extend the capabilities of the Ory Network by +defining custom business logic, automating system behavior in response to events, and integrating with third-party services such +as CRM platforms, payment gateways, business analytics tools, and integration platforms. + +## Ory Open Source + +Ory is the largest open-source ecosystem in the area of authentication, authorization, access control, and zero-trust networking +in the world. Ory is not another company "greenwashing" with open source by publishing SDKs under open-source licenses. Instead, +all Ory core systems are available as Apache 2.0 licensed software without enterprise or open-core models. + +Head over to the [Ory Open Source Overview](../../oss/open-source.mdx) for an introduction to the different projects. diff --git a/docs/oel/getting-started/index.mdx b/docs/oel/getting-started/index.mdx index 4a0c0193d..0db4ad08a 100644 --- a/docs/oel/getting-started/index.mdx +++ b/docs/oel/getting-started/index.mdx @@ -1,67 +1,170 @@ --- title: Introduction to Ory Enterprise License +sidebar_label: Introduction to Ory Enterprise License +toc_max_heading_level: 3 +description: The Ory Enterprise License (OEL) is the self-hosted, commercially supported deployment of Ory — optimized builds of Ory's open source software with enterprise features, SLAs, and CVE patching for production and mission-critical environments. --- -The Ory Enterprise License (OEL) is a commercial license designed for businesses and organizations that rely on Ory's open-source -identity and access control software (Ory Hydra, Ory Kratos, Ory Keto, Ory Oathkeeper, and Ory Polis) in production and -mission-critical environments. It grants access to enterprise-grade features, dedicated support, and builds optimized for -stability, security, and scalability. - -:::info - -Interested in the Ory Enterprise License? -[Contact us to discuss your requirements.](https://www.ory.com/contact) - -::: - -## When to use the Ory Enterprise License - -You should consider the Ory Enterprise License if your organization - -- operates Ory solutions in critical production environments where downtime is unacceptable. -- requires timely patches and updates for security vulnerabilities (CVEs) within specific timeframes. -- needs dedicated support from Ory's core engineering team with guaranteed response times (SLAs) for incident resolution. -- handles high-traffic volumes and large datasets (100GBs scale) requiring optimized database performance and zero-downtime - migrations. -- needs enterprise-specific functionalities not available in the open-source versions, such as the OAuth2 Resource Owner Password - Credentials (ROPC) grant in Ory Hydra or multi-tenancy/organizations features in Ory Kratos. -- requires advanced deployment patterns like multi-region for high availability, disaster recovery, and data domiciling. - -In contrast, open-source builds are well-suited for - -- individuals and researchers exploring Ory's capabilities. -- development and testing environments. -- deployments where occasional downtime for upgrades is acceptable and CVE patching is not required. - -## Benefits of Ory Enterprise License - -All Ory Enterprise builds share common advantages over their open-source counterparts: - -- Regular, up-to-date releases: Enterprise builds are released frequently and include the latest dependencies, addressing known - CVEs in Golang, third-party libraries, and other components. -- Dedicated support & SLAs: OEL holders receive dedicated support channels and are covered by Service Level Agreements (SLAs), - ensuring qualified responses within defined timeframes based on incident priority. -- Drop-in replacement: OEL is designed as direct replacements for open-source installations, requiring no special configuration or - complex migration paths from existing OSS setups. -- Unlocked Enterprise features: The OEL activates exclusive functionalities. Specific enterprise features for each Ory service are - detailed in their respective documentation sections. -- Zero-downtime migrations: Unlike open-source versions that require downtime during upgrades, enterprise builds support - zero-downtime migrations. -- Optimized CockroachDB integration: For deployments with large-scale databases and traffic patterns, an enhanced CockroachDB - integration is available. This provides not only zero-downtime upgrades but also zero-downtime schema migrations by leveraging - CockroachDB's Online schema changes feature. -- Multi-Region deployments: Enterprise builds, when used with CockroachDB, support multi-region deployments. This enables: - - Enhanced high-availability: Go beyond simple Availability Zone (AZ) failover with true multi-region resilience for superior - uptime and disaster recovery. - - Data domiciling: Comply with data privacy regulations like GDPR, CCPA, and others by keeping data in specific geographic - regions while maintaining a global, logical view of all data within a single database. - - Lower latency: Improve application performance for globally distributed users by locating data closer to them. -- Seamless operation: Running, configuring, and using enterprise builds follows the same familiar patterns as the open-source - versions. - -## Use cases - -The Ory Enterprise License is leveraged by organizations requiring robust and scalable identity infrastructure. For instance, -OpenAI utilizes the Ory Enterprise License with Ory Hydra Enterprise to manage authentication for its 400 million weekly active -users, ensuring reliability, massive scale, and uninterrupted service. Read more about -[OpenAI's use of Ory](https://www.ory.com/case-studies/openai). +# Introduction to Ory Enterprise License + +The Ory Enterprise License (OEL) is the self-hosted, commercially supported deployment of +Ory: optimized builds of the same open source identity and access management (IAM) +software, with enterprise features, guaranteed support, and timely security patching. You +run Ory on your own infrastructure — in your cloud, your private cloud, or an air-gapped +environment — and Ory's core engineering team backs it with SLAs. OEL gives you the +control of self-hosting with the assurance of an enterprise vendor, so you can run Ory in +production and mission-critical environments with confidence. + +[Talk to an expert](https://www.ory.com/contact) to discuss your requirements, or read the +[OEL product brief](https://www.ory.com/resources/assets/ory-enterprise-license-product-brief) +to compare OEL with Ory Open Source. + +## Why Ory Enterprise License + +OEL builds share the same familiar patterns as the open source software, with significant +advantages for organizations running Ory at scale: + +- **Self-hosted control** — Run Ory entirely within your own infrastructure for full + control over data residency, networking, and deployment topology, including certified, + regulated, and air-gapped environments. +- **Dedicated support and SLAs** — Get 24/7 access to Ory's core engineering team with + guaranteed response times based on incident priority, so critical production issues are + resolved quickly. +- **Frequent, tested releases** — Ory ships enterprise builds frequently, with the latest + dependencies and timely patches for known CVEs in Go, third-party libraries, and other + components. (Community-only updates can lag and are not tested at the same scale.) +- **Drop-in replacement** — OEL builds are direct replacements for open source + installations. Moving from Ory Open Source requires no special configuration or complex + migration path. +- **Zero-downtime migrations** — OEL builds support zero-downtime upgrades, and the + optimized CockroachDB integration adds zero-downtime schema migrations using + CockroachDB's online schema changes. +- **Multi-region deployments** — With CockroachDB, OEL supports true multi-region + resilience for high availability and disaster recovery, data domiciling for GDPR, CCPA, + and similar regulations, and lower latency for globally distributed users. +- **Unlocked enterprise features** — OEL activates functionality not available in the open + source builds, such as B2B organizations and multi-tenancy in Ory Kratos and the OAuth + 2.0 Resource Owner Password Credentials (ROPC) grant in Ory Hydra. + +## When to choose OEL + +Consider the Ory Enterprise License if your organization: + +- Runs Ory in critical production environments where downtime is unacceptable. +- Needs CVE patches and security updates within guaranteed timeframes. +- Requires dedicated support with contractual response-time SLAs. +- Handles high traffic and large datasets (100 GB scale) that benefit from optimized + database performance and zero-downtime migrations. +- Needs enterprise-only features such as Ory Kratos multi-tenancy/organizations or the Ory Hydra + ROPC grant. +- Requires advanced deployment patterns like multi-region high availability, disaster + recovery, or data domiciling. + +Ory Open Source remains a good fit for evaluation, prototyping, development and testing, +and deployments where occasional upgrade downtime is acceptable and guaranteed CVE +patching is not required. + +## What's included + +OEL packages Ory's open source servers as optimized, enterprise-grade builds, delivered +with the tooling and support you need to run them in production. The core services each +map to a focused part of the identity and access problem: identity and sessions, OAuth2 +and OIDC, permissions, enterprise SSO, edge access control, and API key management. Around them, OEL adds the enterprise delivery layer: + +- **[Ory Account Experience](https://www.ory.com/docs/account-experience)** — Prebuilt, + customizable screens for login, registration, recovery, verification, and account + settings, so you can ship auth before building your own UI. +- **[Ory Elements](https://www.ory.com/docs/elements)** — An open source component library + for integrating your own authentication UI quickly with frameworks like React and + Next.js. +- **[Ory Actions](https://www.ory.com/docs/kratos/hooks/configure-hooks)** — Hooks that + extend Ory by running custom business logic and integrating with third-party services + such as CRMs, payment gateways, and analytics platforms in response to identity events. +- **[Ory CLI](https://www.ory.com/docs/cli)** — A command-line tool for configuring and + operating your self-hosted deployment. +- **[SDKs and reference UIs](https://github.com/ory/sdk)** — Client SDKs for popular + languages and reference UI implementations for frameworks like React, Next.js, and + React Native. +- **Production Helm charts** — Supported Kubernetes Helm charts for deploying and operating Ory + services in your own cluster. +- **Optimized builds and database integration** — High-performance connection pooling and + an enhanced CockroachDB integration for large-scale traffic and datasets. +- **Enterprise support** — Dedicated channels, onboarding, and SLAs from Ory's engineering + team. + +### Ory Kratos (Identity & AuthN) + +Ory Kratos manages identities, credentials, and sessions. It powers self-service flows +for registration, login, account recovery, email and phone verification, profile +settings, and multi-factor authentication. It supports passwords, social sign-in, +OpenID Connect, and passkeys, and it uses customizable JSON Schema identity models (SCIM) so +you control exactly what data each identity holds. SCIM support enables automated user +provisioning and deprovisioning. Learn more in the +[Ory Kratos documentation](https://www.ory.com/docs/oel/kratos/intro). + +### Ory Hydra (Delegated AuthZ & Federated AuthN) + +Ory Hydra is a fully featured, [OpenID Certified®](https://openid.net/developers/certified/) +OAuth 2.0 and OpenID Connect provider. It handles single sign-on, API access +authorization, token issuance, and delegation, with support for stateless JWT access +tokens, token exchange, and credential rotation. Learn more in the +[Ory Hydra documentation](https://www.ory.com/docs/oel/hydra). + +### Ory Keto (Fine-grained Permissions) + +Ory Keto provides low-latency, relationship-based authorization for fine-grained access +control. It implements Google's Zanzibar model and supports RBAC and ABAC +patterns, letting you define and check permissions across any application. Learn more +in the [Ory Keto documentation](https://www.ory.com/docs/oel/keto). + +### Ory Polis (Enterprise SSO AuthZ) + +Ory Polis adds enterprise single sign-on through SAML and OIDC. It connects to identity +providers such as Okta, Microsoft Entra ID, and Google Workspace, supports directory +sync, and can also act as a SAML Identity Provider — abstracting SAML complexity +behind a standard OAuth 2.0 flow. Learn more in the +[Ory Polis documentation](https://www.ory.com/docs/oel/polis). + +### Ory Oathkeeper (Proxy-based Access Control) + +Ory Oathkeeper provides identity and policy-aware access control at the network edge. +It acts as a zero-trust proxy that authenticates and authorizes requests before they reach +your services. Learn more in the +[Ory Oathkeeper documentation](https://www.ory.com/docs/oel/oathkeeper). + +### Ory Talos (API keys) + +Ory Talos manages the full lifecycle of API credentials for machine-to-machine and AI agent +access: issuing keys, verifying them, deriving short-lived tokens, and revoking access. +It replaces static, over-privileged API keys with programmable macaroon tokens +that enforce least privilege — permissions can only be narrowed, never widened — and +supports token derivation, IP allowlists, and time-to-live limits. Commercial builds +add multi-tenancy, PostgreSQL, MySQL, and CockroachDB backends, Redis caching, +rate-limit enforcement, and edge proxy nodes. Learn more in the +[Ory Talos documentation](https://www.ory.com/docs/talos). + +## OEL compared to the other deployment models + +OEL is one of three ways to run Ory. All three share the same open source core, so you can +start with one and move to another as your needs change: + +| | Ory Open Source | Ory Enterprise License | Ory Network | +| --- | --- | --- | --- | +| **Hosting** | Self-hosted | Self-hosted | Fully managed (SaaS) | +| **Who operates the infrastructure** | You | You | Ory | +| **License** | Apache 2.0 | Commercial | Commercial | +| **Management** | CLI | CLI | CLI, GUI (Ory Console), and Terraform | +| **Support** | Community | Dedicated, 24/7 with SLAs | Included with the platform | +| **CVE patching** | Self-managed | Guaranteed timeframes | Handled by Ory | +| **Enterprise features** (e.g. multi-tenancy, ROPC) | Not included | Included | Included | +| **Best for** | Evaluation, prototyping, and full-control self-hosting | Regulated, air-gapped, or high-control production | The fastest path to production with no operational overhead | + +OpenAI runs OEL with Ory Hydra Enterprise to manage authentication for its hundreds of +millions of weekly active users — read the +[OpenAI case study](https://www.ory.com/case-studies/openai). + +## Next steps + +- [Talk to an expert](https://www.ory.com/contact) to discuss requirements and request an OEL license. +- [Follow a quickstart](../getting-started/overview) +- [Learn which Ory product to use](../products/products-overview#which-ory-product) \ No newline at end of file diff --git a/docs/oel/getting-started/index2.mdx b/docs/oel/getting-started/index2.mdx new file mode 100644 index 000000000..4a0c0193d --- /dev/null +++ b/docs/oel/getting-started/index2.mdx @@ -0,0 +1,67 @@ +--- +title: Introduction to Ory Enterprise License +--- + +The Ory Enterprise License (OEL) is a commercial license designed for businesses and organizations that rely on Ory's open-source +identity and access control software (Ory Hydra, Ory Kratos, Ory Keto, Ory Oathkeeper, and Ory Polis) in production and +mission-critical environments. It grants access to enterprise-grade features, dedicated support, and builds optimized for +stability, security, and scalability. + +:::info + +Interested in the Ory Enterprise License? +[Contact us to discuss your requirements.](https://www.ory.com/contact) + +::: + +## When to use the Ory Enterprise License + +You should consider the Ory Enterprise License if your organization + +- operates Ory solutions in critical production environments where downtime is unacceptable. +- requires timely patches and updates for security vulnerabilities (CVEs) within specific timeframes. +- needs dedicated support from Ory's core engineering team with guaranteed response times (SLAs) for incident resolution. +- handles high-traffic volumes and large datasets (100GBs scale) requiring optimized database performance and zero-downtime + migrations. +- needs enterprise-specific functionalities not available in the open-source versions, such as the OAuth2 Resource Owner Password + Credentials (ROPC) grant in Ory Hydra or multi-tenancy/organizations features in Ory Kratos. +- requires advanced deployment patterns like multi-region for high availability, disaster recovery, and data domiciling. + +In contrast, open-source builds are well-suited for + +- individuals and researchers exploring Ory's capabilities. +- development and testing environments. +- deployments where occasional downtime for upgrades is acceptable and CVE patching is not required. + +## Benefits of Ory Enterprise License + +All Ory Enterprise builds share common advantages over their open-source counterparts: + +- Regular, up-to-date releases: Enterprise builds are released frequently and include the latest dependencies, addressing known + CVEs in Golang, third-party libraries, and other components. +- Dedicated support & SLAs: OEL holders receive dedicated support channels and are covered by Service Level Agreements (SLAs), + ensuring qualified responses within defined timeframes based on incident priority. +- Drop-in replacement: OEL is designed as direct replacements for open-source installations, requiring no special configuration or + complex migration paths from existing OSS setups. +- Unlocked Enterprise features: The OEL activates exclusive functionalities. Specific enterprise features for each Ory service are + detailed in their respective documentation sections. +- Zero-downtime migrations: Unlike open-source versions that require downtime during upgrades, enterprise builds support + zero-downtime migrations. +- Optimized CockroachDB integration: For deployments with large-scale databases and traffic patterns, an enhanced CockroachDB + integration is available. This provides not only zero-downtime upgrades but also zero-downtime schema migrations by leveraging + CockroachDB's Online schema changes feature. +- Multi-Region deployments: Enterprise builds, when used with CockroachDB, support multi-region deployments. This enables: + - Enhanced high-availability: Go beyond simple Availability Zone (AZ) failover with true multi-region resilience for superior + uptime and disaster recovery. + - Data domiciling: Comply with data privacy regulations like GDPR, CCPA, and others by keeping data in specific geographic + regions while maintaining a global, logical view of all data within a single database. + - Lower latency: Improve application performance for globally distributed users by locating data closer to them. +- Seamless operation: Running, configuring, and using enterprise builds follows the same familiar patterns as the open-source + versions. + +## Use cases + +The Ory Enterprise License is leveraged by organizations requiring robust and scalable identity infrastructure. For instance, +OpenAI utilizes the Ory Enterprise License with Ory Hydra Enterprise to manage authentication for its 400 million weekly active +users, ensuring reliability, massive scale, and uninterrupted service. Read more about +[OpenAI's use of Ory](https://www.ory.com/case-studies/openai). diff --git a/docs/oss/getting-started/index.mdx b/docs/oss/getting-started/index.mdx index a4991bf9d..13cfd0884 100644 --- a/docs/oss/getting-started/index.mdx +++ b/docs/oss/getting-started/index.mdx @@ -1,116 +1,154 @@ --- title: Introduction to Ory Open Source +sidebar_label: Introduction to Ory Open Source +toc_max_heading_level: 3 +description: Ory Open Source is the Apache 2.0 licensed identity and access management software at the core of every Ory deployment — modular, self-hosted servers you run on your own infrastructure. --- -We provide an open source ecosystem of services with clear boundaries that solve authentication and authorization: - -- Ory Kratos is an identity management server. -- Ory Hydra is an OAuth 2.0 and OpenID Connect provider. -- Ory Oathkeeper is an Identity and Access Proxy. -- Ory Keto is an access control server. - -Each service works standalone but you can also combine them to get the full feature set. If you've never heard of an Identity & -Access Proxy before, or you want to learn more about the individual services and how they play together, stick with us through the -next paragraphs. - -Almost every application has the concept of users and permissions. An anonymous user, for example, is allowed to read blog posts -while certain authenticated users are allowed to write blog posts. While this is the basis for most applications out there, access -control becomes increasingly complex as an application grows. What started out with a user's username and password now shifted to -machine-2-machine interaction, third party developers accessing your user's data, and maybe even a micro service system -architecture. - -Our projects solve the simplest use case and give you the ability to instantly ready the system for more complex scenarios without -painful and slow upgrade processes. - -## Ory Kratos - -![Ory Kratos](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-kratos.svg) - -The identity management server Ory Kratos enables you to implement user management, login and registration in a secure and -straightforward way. Don't rewrite every aspect of identity management yourself. Ory Kratos implements all common flows such as -login and logout, account activation, mfa/2fa, profile and session management, user facing errors and account recovery methods. -Just spin up a docker image and write a simple UI for it in the language or framework of your choice. Don't worry about GDPR, -address verification or protecting your users data against common and frequently changing attack vectors. Ory Kratos applies -security standards established by experts (National Institute of Sciences NIST, Internet Engineering Task Force IETF, Microsoft -Research, Google Research, Troy Hunt, ..), so you can concentrate on building. You have custom requirements for your users -experience? No problem, implement your own custom flows without hassle. - -## Ory Hydra - -![Ory Hydra](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-hydra.svg) - -Ory Hydra enables you to become an OAuth 2.0 and OpenID Connect provider. If you're not writing a basic web app but something that -has to work on different devices, that has machine-2-machine interaction, or enables third-party developers to use your API (and -pay for it), then this is what you're looking for. Ory Hydra isn't identity management, though. Instead, it connects to your -existing identity management (for example the one from the paragraph above, or your MySQL+PHP login service, or your Federated -SAML SSO) and is capable of issuing, in a secure and OpenID Certified manner, access, refresh, and ID tokens. Of course, it's -shipped as a 5MB Docker Image with almost no configuration required. - -## Ory Oathkeeper - -![Ory Oathkeeper](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-oathkeeper.svg) - -Now that your users access your application through, for example, a React/Angular app and a REST api, you need a way to -authenticate the user and to check if they have the necessary permissions (we call this "access control" from now on). One way -would be, of course, to add these checks in your code. Another is to deploy the 5MB Ory Oathkeeper Docker Image, define access -rules for your API endpoints (for example OAuth 2.0 Access Token + certain set of permissions, a valid JSON Web Token, a valid -SAML assertion, ...) and put it - like a firewall - in front of your services. - -## Ory Keto - -![Ory Keto](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-keto.svg) - -You might start out with a simple permission system. You've got different roles: anonymous users (not logged in), authenticated -users (logged in), and administrators. At some point however, the system gets more complex. You want to distinguish permissions -based on the user's organization, the access time (think time lock in banking), or the billing plan he/she's on. Big cloud -providers such as Amazon Web Services or Google solve this using "Access Control Policies". These policies represent flexible -rules and allow you to express complex access control scenarios. You could, of course, write your own system or spend a bit of -time educating yourself about RBAC, ACL, ABAC, ACP - or (you probably already guessed it) - boot up the 5MB Ory Keto Docker Image. -Ory Keto is able to authenticate different types of credentials (for example OAuth 2.0 Access Tokens, SAML Assertions, JSON Web -Tokens, ...) and allows you to define advanced permission rules ("Access Control Policies"). And there's of course an endpoint -that tells you if a certain set of credentials (for example an OAuth 2.0 Access Token) is allowed to modify that blog post. - -## Ory Polis - -![Ory Polis](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-polis.svg) - -Ory Polis is your trusted solution for enterprise Single Sign-On (SSO) without the headaches of SAML and OIDC. If you're building -a multi-tenant SaaS platform and your B2B customers need to sign in with their corporate identity providers—like Entra ID, Okta or -Google Workspace - Ory Polis makes it simple. Instead of creating custom SSO flows for each customer and wrestling with complex -SAML configurations, you can deploy the Ory Polis Docker image and be ready in minutes. Ory Polis abstracts away the protocol -complexity by translating SAML into a standard OAuth 2.0 or OIDC flow, creating a seamless bridge between your application and -enterprise identity providers. It’s modular, supports your preferred database, and can be self-hosted for complete control over -data and privacy. Built for flexibility and scale, Ory Polis handles as many tenants and identity providers as your business -demands. If you're delivering enterprise-grade SaaS and need SSO that just works, Ory Polis is the missing link. - -## Ory Elements - -![Ory Elements](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-elements.svg) - -Ory Elements is a component library that allows you to build custom user interfaces for Ory self-service flows. It provides a set -of pre-built components that can be easily integrated into your application, enabling you to create a seamless user experience -while leveraging Ory's powerful authentication and identity management capabilities. Ory Elements is designed to work with Ory -Kratos' self-service flows, such as login, registration, settings, verification, and recovery, as well as the OAuth2 consent flow. -It allows you to customize the look and feel of your UI to match your brand and user experience requirements. You can use Ory -Elements to build a custom UI that fits your application's design and user experience. - -## Find Your Ory Stack - -Not sure which Ory products you need? Use our [Product Selector](/welcome) to answer a few questions and discover the right Ory -products for your use case. - -## All of Ory Open Source - -```mdx-code-block -import { ProjectOverviewGraph } from "@site/src/pages/_assets/project-overview-graph" - - -``` - -If you were to use the full Ory Ecosystem, it would probably look something like this. Keep in mind that any component shown here -can be replaced or removed, depending on your use case. - -Now you know what this ecosystem has to offer you. To get some more information on the services, read the developer guide by -selecting the software of your choice from the navigation on the left! - -Contact us at [support@ory.com](mailto:support@ory.com) if you need consulting with your specific project. +# Introduction to Ory Open Source + +Ory Open Source is the Apache 2.0 licensed identity and access management (IAM) software +at the core of every Ory deployment. It is a modular ecosystem of cloud-native servers +that solve authentication, authorization, and access control, which you run on your own +infrastructure. Each service works standalone, so you can adopt a single component or +combine them into a full IAM stack — and because the same code powers Ory Enterprise +License and Ory Network, you can move to a supported or managed deployment later without +rewriting your integration. + +[Browse the source on GitHub](https://github.com/ory) or +[follow a quickstart](../getting-started/overview) to deploy your +first service. + +## Why Ory Open Source + +Ory Open Source gives you a modern, fully customizable IAM foundation with no license +cost and no lock-in: + +- **Free and open source** — Every core service is licensed under Apache 2.0 and developed + in the open on [GitHub](https://github.com/ory), improved by a large community of + contributors. +- **Modular by design** — Use one service or all of them. Each server has clear boundaries + and a focused responsibility, so you can bolt on only what your system needs. +- **Self-hosted and fully in your control** — Run Ory on any infrastructure, in the + language or framework of your choice. You own your data, your networking, and your + deployment topology. +- **Cloud-native and lightweight** — Services ship as small, headless Docker images with + minimal configuration, designed to run well in containerized and microservice + environments. Or use the open source files to compile your own binaries. +- **Standards-based and secure** — Ory implements established security standards from NIST, + the IETF, and other experts, and includes an OpenID Certified® OAuth 2.0 and OpenID + Connect provider. +- **A path to supported deployments** — Ory Open Source servers share the same APIs and + open standards as Ory Enterprise License and Ory Network, so you can graduate to a + supported or fully managed deployment whenever you need to. + +## When to choose Ory Open Source + +Ory Open Source is a good fit if you are: + +- Evaluating Ory's capabilities or building a proof of concept. +- Running development, testing, or staging environments. +- Learning how Ory's identity and access flows work. +- Operating deployments where occasional downtime for upgrades is acceptable and + guaranteed CVE patching is not required. +- Comfortable self-hosting and operating the software yourself. + +Consider [Ory Enterprise License](https://www.ory.com/docs/oel/getting-started) if you need +guaranteed CVE patching, dedicated support with SLAs, zero-downtime migrations, multi-region +deployments, or enterprise-only features. Consider +[Ory Network](https://www.ory.com/docs/network/getting-started) if you want a fully managed +platform with no infrastructure to operate. + +## What's included + +Ory Open Source is composed of focused servers that each solve a distinct part of the +identity and access problem: identity and sessions, OAuth2 and OIDC, permissions, +enterprise SSO, edge access control, and API key management. Alongside the servers, the open source ecosystem provides the tooling you need to +build and operate them: + +- **[Ory Elements](https://www.ory.com/docs/elements)** — An open source component library for + building custom UIs for Ory self-service flows such as login, registration, settings, + verification, recovery, and OAuth2 consent. +- **[Ory Actions](https://www.ory.com/docs/kratos/hooks/configure-hooks)** — Hooks that + extend Ory by running custom business logic and integrating with third-party services + such as CRMs, payment gateways, and analytics platforms in response to identity events. +- **[Ory CLI](https://www.ory.com/docs/cli)** — A command-line tool for configuring and + operating your self-hosted deployment. +- **[SDKs and reference UIs](https://github.com/ory/sdk)** — Client SDKs for popular + languages and reference UI implementations for frameworks like React, Next.js, and + React Native. +- **[Helm charts](https://github.com/ory/k8s)** — Kubernetes Helm charts for deploying Ory + services in your own cluster. + +### Ory Kratos (Identity & AuthN) + +Ory Kratos manages identities, credentials, and sessions. It powers self-service flows +for registration, login, account recovery, email and phone verification, profile +settings, and multi-factor authentication. It supports passwords, social sign-in, +OpenID Connect, and passkeys, and it uses customizable JSON Schema identity models so +you control exactly what data each identity holds. SCIM support enables automated user +provisioning and deprovisioning. Learn more in the +[Ory Kratos documentation](https://www.ory.com/docs/oss/kratos/intro). + +### Ory Hydra (Delegated AuthZ & Federated AuthN) + +Ory Hydra is a fully featured, [OpenID Certified®](https://openid.net/developers/certified/) +OAuth 2.0 and OpenID Connect provider. It handles single sign-on, API access +authorization, token issuance, and delegation, with support for stateless JWT access +tokens, token exchange, and credential rotation. Learn more in the +[Ory Hydra documentation](https://www.ory.com/docs/oss/hydra). + +### Ory Keto (Fine-grained Permissions) + +Ory Keto provides low-latency, relationship-based authorization for fine-grained access +control. It implements Google's Zanzibar model and supports RBAC and ABAC +patterns, letting you define and check permissions across any application. Learn more +in the [Ory Keto documentation](https://www.ory.com/docs/oss/keto). + +### Ory Polis (Enterprise SSO AuthZ) + +Ory Polis adds enterprise single sign-on through SAML and OIDC. It connects to identity +providers such as Okta, Microsoft Entra ID, and Google Workspace, supports directory +sync, and can also act as a SAML Identity Provider — abstracting SAML complexity +behind a standard OAuth 2.0 flow. Learn more in the +[Ory Polis documentation](https://www.ory.com/docs/oss/polis). + +### Ory Oathkeeper (Proxy-based Access Control) + +Ory Oathkeeper provides identity- and policy-aware access control at the network edge. +It acts as a zero-trust proxy that authenticates and authorizes requests before they reach +your services. Learn more in the +[Ory Oathkeeper documentation](https://www.ory.com/docs/oss/oathkeeper). + +### Ory Talos (API keys) + +Ory Talos manages the full lifecycle of API credentials for machine-to-machine and AI agent +access: issuing keys, verifying them, deriving short-lived tokens, and revoking access. +It replaces static, over-privileged API keys with programmable macaroon tokens +that enforce least privilege — permissions can only be narrowed, never widened — and +supports token derivation, IP allowlists, and time-to-live limits. Commercial builds +add multi-tenancy, PostgreSQL, MySQL, and CockroachDB backends, Redis caching, +rate-limit enforcement, and edge proxy nodes. Learn more in the +[Ory Talos documentation](https://www.ory.com/docs/talos). + +## Ory Open Source compared to the other deployment models + +Ory Open Source is one of three ways to run Ory. All three share the same open source +core, so you can start with one and move to another as your needs change: + +| | Ory Open Source | Ory Enterprise License | Ory Network | +| --- | --- | --- | --- | +| **Hosting** | Self-hosted | Self-hosted | Fully managed (SaaS) | +| **Who operates the infrastructure** | You | You | Ory | +| **License** | Apache 2.0 | Commercial | Commercial | +| **Management** | CLI | CLI | CLI, GUI (Ory Console), and Terraform | +| **Support** | Community | Dedicated, 24/7 with SLAs | Included with the platform | +| **CVE patching** | Self-managed | Guaranteed timeframes | Handled by Ory | +| **Enterprise features** (e.g. multi-tenancy, ROPC) | Not included | Included | Included | +| **Best for** | Evaluation, prototyping, and full-control self-hosting | Regulated, air-gapped, or high-control production | The fastest path to production with no operational overhead | + +## Next steps + +- [Download a binary or browse the source on GitHub](https://github.com/ory) +- [Follow a quickstart](../getting-started/overview) +- [Learn which Ory product to use](../products/products-overview#which-ory-product) diff --git a/docs/oss/getting-started/index2.mdx b/docs/oss/getting-started/index2.mdx new file mode 100644 index 000000000..a4991bf9d --- /dev/null +++ b/docs/oss/getting-started/index2.mdx @@ -0,0 +1,116 @@ +--- +title: Introduction to Ory Open Source +--- + +We provide an open source ecosystem of services with clear boundaries that solve authentication and authorization: + +- Ory Kratos is an identity management server. +- Ory Hydra is an OAuth 2.0 and OpenID Connect provider. +- Ory Oathkeeper is an Identity and Access Proxy. +- Ory Keto is an access control server. + +Each service works standalone but you can also combine them to get the full feature set. If you've never heard of an Identity & +Access Proxy before, or you want to learn more about the individual services and how they play together, stick with us through the +next paragraphs. + +Almost every application has the concept of users and permissions. An anonymous user, for example, is allowed to read blog posts +while certain authenticated users are allowed to write blog posts. While this is the basis for most applications out there, access +control becomes increasingly complex as an application grows. What started out with a user's username and password now shifted to +machine-2-machine interaction, third party developers accessing your user's data, and maybe even a micro service system +architecture. + +Our projects solve the simplest use case and give you the ability to instantly ready the system for more complex scenarios without +painful and slow upgrade processes. + +## Ory Kratos + +![Ory Kratos](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-kratos.svg) + +The identity management server Ory Kratos enables you to implement user management, login and registration in a secure and +straightforward way. Don't rewrite every aspect of identity management yourself. Ory Kratos implements all common flows such as +login and logout, account activation, mfa/2fa, profile and session management, user facing errors and account recovery methods. +Just spin up a docker image and write a simple UI for it in the language or framework of your choice. Don't worry about GDPR, +address verification or protecting your users data against common and frequently changing attack vectors. Ory Kratos applies +security standards established by experts (National Institute of Sciences NIST, Internet Engineering Task Force IETF, Microsoft +Research, Google Research, Troy Hunt, ..), so you can concentrate on building. You have custom requirements for your users +experience? No problem, implement your own custom flows without hassle. + +## Ory Hydra + +![Ory Hydra](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-hydra.svg) + +Ory Hydra enables you to become an OAuth 2.0 and OpenID Connect provider. If you're not writing a basic web app but something that +has to work on different devices, that has machine-2-machine interaction, or enables third-party developers to use your API (and +pay for it), then this is what you're looking for. Ory Hydra isn't identity management, though. Instead, it connects to your +existing identity management (for example the one from the paragraph above, or your MySQL+PHP login service, or your Federated +SAML SSO) and is capable of issuing, in a secure and OpenID Certified manner, access, refresh, and ID tokens. Of course, it's +shipped as a 5MB Docker Image with almost no configuration required. + +## Ory Oathkeeper + +![Ory Oathkeeper](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-oathkeeper.svg) + +Now that your users access your application through, for example, a React/Angular app and a REST api, you need a way to +authenticate the user and to check if they have the necessary permissions (we call this "access control" from now on). One way +would be, of course, to add these checks in your code. Another is to deploy the 5MB Ory Oathkeeper Docker Image, define access +rules for your API endpoints (for example OAuth 2.0 Access Token + certain set of permissions, a valid JSON Web Token, a valid +SAML assertion, ...) and put it - like a firewall - in front of your services. + +## Ory Keto + +![Ory Keto](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-keto.svg) + +You might start out with a simple permission system. You've got different roles: anonymous users (not logged in), authenticated +users (logged in), and administrators. At some point however, the system gets more complex. You want to distinguish permissions +based on the user's organization, the access time (think time lock in banking), or the billing plan he/she's on. Big cloud +providers such as Amazon Web Services or Google solve this using "Access Control Policies". These policies represent flexible +rules and allow you to express complex access control scenarios. You could, of course, write your own system or spend a bit of +time educating yourself about RBAC, ACL, ABAC, ACP - or (you probably already guessed it) - boot up the 5MB Ory Keto Docker Image. +Ory Keto is able to authenticate different types of credentials (for example OAuth 2.0 Access Tokens, SAML Assertions, JSON Web +Tokens, ...) and allows you to define advanced permission rules ("Access Control Policies"). And there's of course an endpoint +that tells you if a certain set of credentials (for example an OAuth 2.0 Access Token) is allowed to modify that blog post. + +## Ory Polis + +![Ory Polis](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-polis.svg) + +Ory Polis is your trusted solution for enterprise Single Sign-On (SSO) without the headaches of SAML and OIDC. If you're building +a multi-tenant SaaS platform and your B2B customers need to sign in with their corporate identity providers—like Entra ID, Okta or +Google Workspace - Ory Polis makes it simple. Instead of creating custom SSO flows for each customer and wrestling with complex +SAML configurations, you can deploy the Ory Polis Docker image and be ready in minutes. Ory Polis abstracts away the protocol +complexity by translating SAML into a standard OAuth 2.0 or OIDC flow, creating a seamless bridge between your application and +enterprise identity providers. It’s modular, supports your preferred database, and can be self-hosted for complete control over +data and privacy. Built for flexibility and scale, Ory Polis handles as many tenants and identity providers as your business +demands. If you're delivering enterprise-grade SaaS and need SSO that just works, Ory Polis is the missing link. + +## Ory Elements + +![Ory Elements](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-elements.svg) + +Ory Elements is a component library that allows you to build custom user interfaces for Ory self-service flows. It provides a set +of pre-built components that can be easily integrated into your application, enabling you to create a seamless user experience +while leveraging Ory's powerful authentication and identity management capabilities. Ory Elements is designed to work with Ory +Kratos' self-service flows, such as login, registration, settings, verification, and recovery, as well as the OAuth2 consent flow. +It allows you to customize the look and feel of your UI to match your brand and user experience requirements. You can use Ory +Elements to build a custom UI that fits your application's design and user experience. + +## Find Your Ory Stack + +Not sure which Ory products you need? Use our [Product Selector](/welcome) to answer a few questions and discover the right Ory +products for your use case. + +## All of Ory Open Source + +```mdx-code-block +import { ProjectOverviewGraph } from "@site/src/pages/_assets/project-overview-graph" + + +``` + +If you were to use the full Ory Ecosystem, it would probably look something like this. Keep in mind that any component shown here +can be replaced or removed, depending on your use case. + +Now you know what this ecosystem has to offer you. To get some more information on the services, read the developer guide by +selecting the software of your choice from the navigation on the left! + +Contact us at [support@ory.com](mailto:support@ory.com) if you need consulting with your specific project. From 265569da555383430316ba5c4f321f0820d601b0 Mon Sep 17 00:00:00 2001 From: ory-bot <60093411+ory-bot@users.noreply.github.com> Date: Mon, 22 Jun 2026 23:47:29 +0000 Subject: [PATCH 2/8] autogen(docs): generate cli docs --- docs/kratos/cli/kratos-get-identity.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/kratos/cli/kratos-get-identity.md b/docs/kratos/cli/kratos-get-identity.md index 75f4b2d65..45e8493ac 100644 --- a/docs/kratos/cli/kratos-get-identity.md +++ b/docs/kratos/cli/kratos-get-identity.md @@ -17,6 +17,8 @@ Get one or more identities by their ID(s) This command gets all the details about an identity. To get an identity by some selector, e.g. the recovery email address, use the list command in combination with jq. +Use the --external-id flag to look up identities by their external ID instead of their Ory-internal ID. + We have to admit, this is not easy if you don't speak jq fluently. What about opening an issue and telling us what predefined selectors you want to have? https://github.com/ory/kratos/issues/new/choose ``` @@ -29,11 +31,16 @@ kratos get identity [id-1] [id-2] [id-n] [flags] To get the identities with the recovery email address at the domain "ory.sh", run: kratos get identity $(kratos ls identities --format json | jq -r 'map(select(.recovery_addresses[].value | endswith("@ory.sh"))) | .[].id') + +To get an identity by its external ID, run: + + kratos get identity --external-id customer-12345 ``` ### Options ``` + --external-id Treat the provided ID(s) as external IDs and look up the identities by their external ID instead of their Ory-internal ID. -h, --help help for identity -i, --include-credentials stringArray Include third party tokens (only "oidc" supported) ``` From 569f9d8e498974a8aba0234b71f416e43dd3b005 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 23 Jun 2026 00:57:31 +0000 Subject: [PATCH 3/8] docs: bump to 79e05a2469a39381d507936e72baed37b8300afc From 37121342bb535794c76de1a50a89c5a02b4d775e Mon Sep 17 00:00:00 2001 From: Andreas Bucksteeg Date: Tue, 23 Jun 2026 12:32:19 +0200 Subject: [PATCH 4/8] chore: update v2 thresholds (#2638) chore(rate-limits): update thresholds for v2 base-limit changes Sync the rate-limit CSVs from cloud (ory-corp/cloud) and regenerate rate-limits.json: HydraPublicHigh/KratosAdminHigh increases plus the 50->60 / 900->950 / 800->850 ratchets. --- .../rate-limits/data/bucket-to-endpoints.csv | 1 + .../rate-limits/data/bucket-to-threshold.csv | 54 +++++++++---------- src/static/rate-limits.json | 2 +- 3 files changed, 29 insertions(+), 28 deletions(-) diff --git a/src/lib/rate-limits/data/bucket-to-endpoints.csv b/src/lib/rate-limits/data/bucket-to-endpoints.csv index d0f9149f3..53a7156e9 100644 --- a/src/lib/rate-limits/data/bucket-to-endpoints.csv +++ b/src/lib/rate-limits/data/bucket-to-endpoints.csv @@ -108,6 +108,7 @@ GET,/schemas/{id},kratos-admin-medium GET,/scim/{name}/v2/Groups/{id},kratos-admin-medium GET,/scim/{name}/v2/Schemas/{id},kratos-admin-medium GET,/scim/{name}/v2/Users/{id},kratos-admin-medium +GET,/.well-known/change-password,kratos-public-high GET,/self-service/errors,kratos-public-high GET,/self-service/fed-cm/parameters,kratos-public-high HEAD,/self-service/fed-cm/parameters,kratos-public-high diff --git a/src/lib/rate-limits/data/bucket-to-threshold.csv b/src/lib/rate-limits/data/bucket-to-threshold.csv index 5ff1da865..1a7387a97 100644 --- a/src/lib/rate-limits/data/bucket-to-threshold.csv +++ b/src/lib/rate-limits/data/bucket-to-threshold.csv @@ -35,18 +35,18 @@ hydra-admin-medium,Growth,stage,30,5 hydra-admin-medium,Production,dev,30,5 hydra-admin-medium,Production,prod,30,5 hydra-admin-medium,Production,stage,30,5 -hydra-public-high,Develop,dev,60,5 -hydra-public-high,Develop,prod,60,5 -hydra-public-high,Develop,stage,60,5 -hydra-public-high,Enterprise,dev,125,6 -hydra-public-high,Enterprise,prod,1800,73 -hydra-public-high,Enterprise,stage,125,6 -hydra-public-high,Growth,dev,125,6 -hydra-public-high,Growth,prod,600,25 -hydra-public-high,Growth,stage,125,6 -hydra-public-high,Production,dev,125,6 -hydra-public-high,Production,prod,200,9 -hydra-public-high,Production,stage,125,6 +hydra-public-high,Develop,dev,70,5 +hydra-public-high,Develop,prod,70,5 +hydra-public-high,Develop,stage,70,5 +hydra-public-high,Enterprise,dev,150,7 +hydra-public-high,Enterprise,prod,2100,85 +hydra-public-high,Enterprise,stage,150,7 +hydra-public-high,Growth,dev,150,7 +hydra-public-high,Growth,prod,700,29 +hydra-public-high,Growth,stage,150,7 +hydra-public-high,Production,dev,150,7 +hydra-public-high,Production,prod,225,10 +hydra-public-high,Production,stage,150,7 hydra-public-low,Develop,dev,15,5 hydra-public-low,Develop,prod,15,5 hydra-public-low,Develop,stage,15,5 @@ -111,10 +111,10 @@ kratos-admin-high,Develop,dev,40,5 kratos-admin-high,Develop,prod,40,5 kratos-admin-high,Develop,stage,40,5 kratos-admin-high,Enterprise,dev,80,5 -kratos-admin-high,Enterprise,prod,1000,41 +kratos-admin-high,Enterprise,prod,1100,45 kratos-admin-high,Enterprise,stage,80,5 kratos-admin-high,Growth,dev,80,5 -kratos-admin-high,Growth,prod,500,21 +kratos-admin-high,Growth,prod,550,23 kratos-admin-high,Growth,stage,80,5 kratos-admin-high,Production,dev,80,5 kratos-admin-high,Production,prod,80,5 @@ -134,27 +134,27 @@ kratos-admin-low,Production,stage,175,8 kratos-admin-medium,Develop,dev,25,5 kratos-admin-medium,Develop,prod,25,5 kratos-admin-medium,Develop,stage,25,5 -kratos-admin-medium,Enterprise,dev,50,5 +kratos-admin-medium,Enterprise,dev,60,5 kratos-admin-medium,Enterprise,prod,400,17 -kratos-admin-medium,Enterprise,stage,50,5 -kratos-admin-medium,Growth,dev,50,5 +kratos-admin-medium,Enterprise,stage,60,5 +kratos-admin-medium,Growth,dev,60,5 kratos-admin-medium,Growth,prod,200,9 -kratos-admin-medium,Growth,stage,50,5 -kratos-admin-medium,Production,dev,50,5 +kratos-admin-medium,Growth,stage,60,5 +kratos-admin-medium,Production,dev,60,5 kratos-admin-medium,Production,prod,90,5 -kratos-admin-medium,Production,stage,50,5 +kratos-admin-medium,Production,stage,60,5 kratos-public-high,Develop,dev,450,19 kratos-public-high,Develop,prod,450,19 kratos-public-high,Develop,stage,450,19 -kratos-public-high,Enterprise,dev,900,37 +kratos-public-high,Enterprise,dev,950,39 kratos-public-high,Enterprise,prod,15000,601 -kratos-public-high,Enterprise,stage,900,37 -kratos-public-high,Growth,dev,900,37 +kratos-public-high,Enterprise,stage,950,39 +kratos-public-high,Growth,dev,950,39 kratos-public-high,Growth,prod,4500,181 -kratos-public-high,Growth,stage,900,37 -kratos-public-high,Production,dev,900,37 +kratos-public-high,Growth,stage,950,39 +kratos-public-high,Production,dev,950,39 kratos-public-high,Production,prod,1400,57 -kratos-public-high,Production,stage,900,37 +kratos-public-high,Production,stage,950,39 kratos-public-low,Develop,dev,20,5 kratos-public-low,Develop,prod,20,5 kratos-public-low,Develop,stage,20,5 @@ -243,7 +243,7 @@ talos-public-high,Develop,dev,60,5 talos-public-high,Develop,prod,60,5 talos-public-high,Develop,stage,60,5 talos-public-high,Enterprise,dev,125,6 -talos-public-high,Enterprise,prod,800,33 +talos-public-high,Enterprise,prod,850,35 talos-public-high,Enterprise,stage,125,6 talos-public-high,Growth,dev,125,6 talos-public-high,Growth,prod,400,17 diff --git a/src/static/rate-limits.json b/src/static/rate-limits.json index 5d898983e..623279499 100644 --- a/src/static/rate-limits.json +++ b/src/static/rate-limits.json @@ -1 +1 @@ -{"endpoints":[{"method":"GET","path":"/.well-known/openid-configuration","bucket":"hydra-public-high"},{"method":"HEAD","path":"/.well-known/openid-configuration","bucket":"hydra-public-high"},{"method":"GET","path":"/.well-known/jwks.json","bucket":"hydra-public-high"},{"method":"GET","path":"/.well-known/ory/webauthn.js","bucket":"hydra-public-high"},{"method":"HEAD","path":"/oauth2/auth","bucket":"hydra-public-high"},{"method":"OPTIONS","path":"/oauth2/auth","bucket":"hydra-public-high"},{"method":"GET","path":"/oauth2/consent","bucket":"hydra-public-high"},{"method":"POST","path":"/oauth2/device/auth","bucket":"hydra-public-high"},{"method":"GET","path":"/oauth2/fallbacks/logout/callback","bucket":"hydra-public-high"},{"method":"OPTIONS","path":"/oauth2/token","bucket":"hydra-public-high"},{"method":"GET","path":"/admin/clients","bucket":"hydra-admin-medium"},{"method":"GET","path":"/admin/trust/grants/jwt-bearer/issuers","bucket":"hydra-admin-medium"},{"method":"POST","path":"/credentials","bucket":"hydra-admin-medium"},{"method":"GET","path":"/admin/keys/{set}","bucket":"hydra-admin-medium"},{"method":"GET","path":"/admin/keys/{set}/{kid}","bucket":"hydra-admin-medium"},{"method":"GET","path":"/admin/trust/grants/jwt-bearer/issuers/{id}","bucket":"hydra-admin-medium"},{"method":"POST","path":"/admin/clients","bucket":"hydra-admin-low"},{"method":"PUT","path":"/admin/clients/{id}/lifespans","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/oauth2/auth/sessions/consent","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/oauth2/auth/sessions/login","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/oauth2/tokens","bucket":"hydra-admin-low"},{"method":"POST","path":"/admin/trust/grants/jwt-bearer/issuers","bucket":"hydra-admin-low"},{"method":"PUT","path":"/admin/clients/{id}","bucket":"hydra-admin-low"},{"method":"PATCH","path":"/admin/clients/{id}","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/clients/{id}","bucket":"hydra-admin-low"},{"method":"POST","path":"/admin/keys/{set}","bucket":"hydra-admin-low"},{"method":"PUT","path":"/admin/keys/{set}","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/keys/{set}","bucket":"hydra-admin-low"},{"method":"PUT","path":"/admin/keys/{set}/{kid}","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/keys/{set}/{kid}","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/trust/grants/jwt-bearer/issuers/{id}","bucket":"hydra-admin-low"},{"method":"OPTIONS","path":"/admin/clients","bucket":"hydra-admin-high"},{"method":"GET","path":"/admin/oauth2/auth/requests/consent","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/consent/accept","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/consent/reject","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/device/accept","bucket":"hydra-admin-high"},{"method":"GET","path":"/admin/oauth2/auth/requests/login","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/login/accept","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/login/reject","bucket":"hydra-admin-high"},{"method":"GET","path":"/admin/oauth2/auth/requests/logout","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/logout/accept","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/logout/reject","bucket":"hydra-admin-high"},{"method":"GET","path":"/admin/oauth2/auth/sessions/consent","bucket":"hydra-admin-high"},{"method":"POST","path":"/admin/oauth2/introspect","bucket":"hydra-admin-high"},{"method":"GET","path":"/oauth2/device/verify","bucket":"hydra-admin-high"},{"method":"GET","path":"/admin/clients/{id}","bucket":"hydra-admin-high"},{"method":"OPTIONS","path":"/admin/clients/{id}","bucket":"hydra-admin-high"},{"method":"GET","path":"/oauth2/register/{id}","bucket":"hydra-admin-high"},{"method":"GET","path":"/oauth2/auth","bucket":"hydra-public-medium"},{"method":"POST","path":"/oauth2/auth","bucket":"hydra-public-medium"},{"method":"POST","path":"/oauth2/revoke","bucket":"hydra-public-medium"},{"method":"GET","path":"/oauth2/sessions/logout","bucket":"hydra-public-medium"},{"method":"POST","path":"/oauth2/sessions/logout","bucket":"hydra-public-medium"},{"method":"POST","path":"/oauth2/token","bucket":"hydra-public-medium"},{"method":"GET","path":"/userinfo","bucket":"hydra-public-medium"},{"method":"POST","path":"/oauth2/register","bucket":"hydra-public-low"},{"method":"PUT","path":"/oauth2/register/{id}","bucket":"hydra-public-low"},{"method":"DELETE","path":"/oauth2/register/{id}","bucket":"hydra-public-low"},{"method":"PUT","path":"/admin/relation-tuples","bucket":"keto-admin-low"},{"method":"PATCH","path":"/admin/relation-tuples","bucket":"keto-admin-low"},{"method":"DELETE","path":"/admin/relation-tuples","bucket":"keto-admin-low"},{"method":"GET","path":"/namespaces","bucket":"keto-admin-low"},{"method":"POST","path":"/ory.keto.relation_tuples.v1alpha2.WriteService/TransactRelationTuples","bucket":"keto-admin-low"},{"method":"POST","path":"/opl/syntax/check","bucket":"keto-admin-medium"},{"method":"GET","path":"/relation-tuples","bucket":"keto-admin-medium"},{"method":"GET","path":"/relation-tuples/expand","bucket":"keto-admin-medium"},{"method":"POST","path":"/ory.keto.relation_tuples.v1alpha2.CheckService/BatchCheck","bucket":"keto-public-high"},{"method":"POST","path":"/ory.keto.relation_tuples.v1alpha2.CheckService/Check","bucket":"keto-public-high"},{"method":"POST","path":"/relation-tuples/batch/check","bucket":"keto-public-high"},{"method":"GET","path":"/relation-tuples/check","bucket":"keto-public-high"},{"method":"POST","path":"/relation-tuples/check","bucket":"keto-public-high"},{"method":"GET","path":"/relation-tuples/check/openapi","bucket":"keto-public-high"},{"method":"POST","path":"/relation-tuples/check/openapi","bucket":"keto-public-high"},{"method":"GET","path":"/admin/courier/messages","bucket":"kratos-admin-low"},{"method":"POST","path":"/admin/identities","bucket":"kratos-admin-low"},{"method":"PATCH","path":"/admin/identities","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/admin/identities/{id}/sessions","bucket":"kratos-admin-low"},{"method":"POST","path":"/admin/recovery/code","bucket":"kratos-admin-low"},{"method":"POST","path":"/admin/recovery/link","bucket":"kratos-admin-low"},{"method":"PATCH","path":"/admin/sessions/{id}/extend","bucket":"kratos-admin-low"},{"method":"POST","path":"/scim/{name}/v2/Groups","bucket":"kratos-admin-low"},{"method":"POST","path":"/scim/{name}/v2/Users","bucket":"kratos-admin-low"},{"method":"PUT","path":"/admin/identities/{id}","bucket":"kratos-admin-low"},{"method":"PATCH","path":"/admin/identities/{id}","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/admin/identities/{id}","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/admin/identities/{id}/credentials/{type}","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/admin/sessions/{id}","bucket":"kratos-admin-low"},{"method":"OPTIONS","path":"/admin/sessions","bucket":"kratos-admin-low"},{"method":"POST","path":"/admin/sessions","bucket":"kratos-admin-low"},{"method":"PUT","path":"/scim/{name}/v2/Groups/{id}","bucket":"kratos-admin-low"},{"method":"PATCH","path":"/scim/{name}/v2/Groups/{id}","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/scim/{name}/v2/Groups/{id}","bucket":"kratos-admin-low"},{"method":"PUT","path":"/scim/{name}/v2/Users/{id}","bucket":"kratos-admin-low"},{"method":"PATCH","path":"/scim/{name}/v2/Users/{id}","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/scim/{name}/v2/Users/{id}","bucket":"kratos-admin-low"},{"method":"GET","path":"/admin/identities","bucket":"kratos-admin-medium"},{"method":"GET","path":"/admin/identities/{id}/sessions","bucket":"kratos-admin-medium"},{"method":"GET","path":"/admin/sessions","bucket":"kratos-admin-medium"},{"method":"GET","path":"/schemas","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Groups","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Schemas","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/ServiceProviderConfig","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Users","bucket":"kratos-admin-medium"},{"method":"GET","path":"/admin/courier/messages/{id}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/admin/identities/by/external/{externalID}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/schemas/{id}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Groups/{id}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Schemas/{id}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Users/{id}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/self-service/errors","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/fed-cm/parameters","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/fed-cm/parameters","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/fed-cm/token","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/login","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/login","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/login/browser","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/login/browser","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/login/flows","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/login/flows","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/logout","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/logout","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/logout/browser","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/methods/oidc/callback","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/recovery","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/recovery","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/recovery","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/recovery/browser","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/recovery/browser","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/recovery/flows","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/recovery/flows","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/registration","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/registration","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/registration/browser","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/registration/browser","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/registration/flows","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/settings","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/settings","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/settings/flows","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/verification","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/verification","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/verification","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/verification/browser","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/verification/flows","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/verification/flows","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/sessions","bucket":"kratos-public-high"},{"method":"GET","path":"/sessions/whoami","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/methods/oidc/callback/{id}","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/methods/oidc/callback/{name}","bucket":"kratos-public-high"},{"method":"POST","path":"/self-service/fed-cm/token","bucket":"kratos-public-low"},{"method":"POST","path":"/self-service/login","bucket":"kratos-public-low"},{"method":"POST","path":"/self-service/recovery","bucket":"kratos-public-low"},{"method":"POST","path":"/self-service/registration","bucket":"kratos-public-low"},{"method":"POST","path":"/self-service/settings","bucket":"kratos-public-low"},{"method":"POST","path":"/self-service/verification","bucket":"kratos-public-low"},{"method":"DELETE","path":"/sessions","bucket":"kratos-public-low"},{"method":"DELETE","path":"/sessions/{id}","bucket":"kratos-public-low"},{"method":"GET","path":"/self-service/login/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/login/browser","bucket":"kratos-public-medium"},{"method":"POST","path":"/self-service/login/browser","bucket":"kratos-public-medium"},{"method":"DELETE","path":"/self-service/logout/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/logout/browser","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/recovery/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/recovery/browser","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/registration/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/registration/browser","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/settings/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/settings/browser","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/verification/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/verification/browser","bucket":"kratos-public-medium"},{"method":"GET","path":"/sessions","bucket":"kratos-public-medium"},{"method":"GET","path":"/sessions/token-exchange","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/methods/oidc/callback/{id}","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/methods/oidc/callback/{name}","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/methods/oidc/organizations/{id}","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/methods/saml/callback/{name}","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/methods/saml/organizations/{id}","bucket":"kratos-public-medium"},{"method":"GET","path":"/admin/identities/{id}","bucket":"kratos-admin-high"},{"method":"OPTIONS","path":"/admin/identities/{id}","bucket":"kratos-admin-high"},{"method":"GET","path":"/admin/sessions/{id}","bucket":"kratos-admin-high"},{"method":"GET","path":"/api/v1/dsync","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/events","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/groups","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/product","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/setuplinks","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/setuplinks/product","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/users","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/identity-federation","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/identity-federation/product","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/sso","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/sso/product","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/sso-traces","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/sso-traces/product","bucket":"polis-public-high"},{"method":"GET","path":"/oauth/userinfo","bucket":"polis-public-high"},{"method":"GET","path":"/saml/.well-known/idp-metadata","bucket":"polis-public-high"},{"method":"GET","path":"/saml/.well-known/sp-metadata","bucket":"polis-public-high"},{"method":"GET","path":"/saml/.well-known/saml.cer","bucket":"polis-public-high"},{"method":"GET","path":"/saml/api/error","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/groups/{groupId}","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/groups/{groupId}/members","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/users/{userId}","bucket":"polis-public-high"},{"method":"DELETE","path":"/api/v1/dsync/setuplinks","bucket":"polis-public-medium"},{"method":"DELETE","path":"/api/v1/identity-federation","bucket":"polis-public-medium"},{"method":"DELETE","path":"/api/v1/sso","bucket":"polis-public-medium"},{"method":"PATCH","path":"/api/v1/identity-federation","bucket":"polis-public-medium"},{"method":"PATCH","path":"/api/v1/sso","bucket":"polis-public-medium"},{"method":"POST","path":"/api/v1/dsync","bucket":"polis-public-medium"},{"method":"POST","path":"/api/v1/dsync/setuplinks","bucket":"polis-public-medium"},{"method":"POST","path":"/api/v1/identity-federation","bucket":"polis-public-medium"},{"method":"POST","path":"/api/v1/sso","bucket":"polis-public-medium"},{"method":"POST","path":"/oauth/token","bucket":"polis-public-medium"},{"method":"GET","path":"/saml/api/identity-federation/sso","bucket":"polis-public-medium"},{"method":"POST","path":"/saml/api/identity-federation/sso","bucket":"polis-public-medium"},{"method":"GET","path":"/saml/api/oauth/authorize","bucket":"polis-public-medium"},{"method":"POST","path":"/saml/api/oauth/authorize","bucket":"polis-public-medium"},{"method":"GET","path":"/saml/api/oauth/oidc","bucket":"polis-public-medium"},{"method":"POST","path":"/saml/api/oauth/saml","bucket":"polis-public-medium"},{"method":"PATCH","path":"/api/v1/dsync/{directoryId}","bucket":"polis-public-medium"}],"thresholds":[{"bucket":"hydra-admin-high","tier":"Developer","env":"Development","rpm":80,"rps":5},{"bucket":"hydra-admin-high","tier":"Enterprise","env":"Development","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Enterprise","env":"Production","rpm":8750,"rps":351},{"bucket":"hydra-admin-high","tier":"Enterprise","env":"Staging","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Growth","env":"Development","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Growth","env":"Production","rpm":4300,"rps":173},{"bucket":"hydra-admin-high","tier":"Growth","env":"Staging","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Production","env":"Development","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Production","env":"Production","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Production","env":"Staging","rpm":175,"rps":8},{"bucket":"hydra-admin-low","tier":"Developer","env":"Development","rpm":15,"rps":5},{"bucket":"hydra-admin-low","tier":"Enterprise","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-low","tier":"Enterprise","env":"Production","rpm":700,"rps":29},{"bucket":"hydra-admin-low","tier":"Enterprise","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-admin-low","tier":"Growth","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-low","tier":"Growth","env":"Production","rpm":350,"rps":15},{"bucket":"hydra-admin-low","tier":"Growth","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-admin-low","tier":"Production","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-low","tier":"Production","env":"Production","rpm":35,"rps":5},{"bucket":"hydra-admin-low","tier":"Production","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Developer","env":"Development","rpm":15,"rps":5},{"bucket":"hydra-admin-medium","tier":"Enterprise","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Enterprise","env":"Production","rpm":125,"rps":6},{"bucket":"hydra-admin-medium","tier":"Enterprise","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Growth","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Growth","env":"Production","rpm":60,"rps":5},{"bucket":"hydra-admin-medium","tier":"Growth","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Production","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Production","env":"Production","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Production","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-public-high","tier":"Developer","env":"Development","rpm":60,"rps":5},{"bucket":"hydra-public-high","tier":"Enterprise","env":"Development","rpm":125,"rps":6},{"bucket":"hydra-public-high","tier":"Enterprise","env":"Production","rpm":1800,"rps":73},{"bucket":"hydra-public-high","tier":"Enterprise","env":"Staging","rpm":125,"rps":6},{"bucket":"hydra-public-high","tier":"Growth","env":"Development","rpm":125,"rps":6},{"bucket":"hydra-public-high","tier":"Growth","env":"Production","rpm":600,"rps":25},{"bucket":"hydra-public-high","tier":"Growth","env":"Staging","rpm":125,"rps":6},{"bucket":"hydra-public-high","tier":"Production","env":"Development","rpm":125,"rps":6},{"bucket":"hydra-public-high","tier":"Production","env":"Production","rpm":200,"rps":9},{"bucket":"hydra-public-high","tier":"Production","env":"Staging","rpm":125,"rps":6},{"bucket":"hydra-public-low","tier":"Developer","env":"Development","rpm":15,"rps":5},{"bucket":"hydra-public-low","tier":"Enterprise","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-public-low","tier":"Enterprise","env":"Production","rpm":450,"rps":19},{"bucket":"hydra-public-low","tier":"Enterprise","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-public-low","tier":"Growth","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-public-low","tier":"Growth","env":"Production","rpm":150,"rps":7},{"bucket":"hydra-public-low","tier":"Growth","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-public-low","tier":"Production","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-public-low","tier":"Production","env":"Production","rpm":45,"rps":5},{"bucket":"hydra-public-low","tier":"Production","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-public-medium","tier":"Developer","env":"Development","rpm":125,"rps":6},{"bucket":"hydra-public-medium","tier":"Enterprise","env":"Development","rpm":250,"rps":11},{"bucket":"hydra-public-medium","tier":"Enterprise","env":"Production","rpm":3600,"rps":145},{"bucket":"hydra-public-medium","tier":"Enterprise","env":"Staging","rpm":250,"rps":11},{"bucket":"hydra-public-medium","tier":"Growth","env":"Development","rpm":250,"rps":11},{"bucket":"hydra-public-medium","tier":"Growth","env":"Production","rpm":1200,"rps":49},{"bucket":"hydra-public-medium","tier":"Growth","env":"Staging","rpm":250,"rps":11},{"bucket":"hydra-public-medium","tier":"Production","env":"Development","rpm":250,"rps":11},{"bucket":"hydra-public-medium","tier":"Production","env":"Production","rpm":375,"rps":16},{"bucket":"hydra-public-medium","tier":"Production","env":"Staging","rpm":250,"rps":11},{"bucket":"keto-admin-low","tier":"Developer","env":"Development","rpm":80,"rps":5},{"bucket":"keto-admin-low","tier":"Enterprise","env":"Development","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Enterprise","env":"Production","rpm":700,"rps":29},{"bucket":"keto-admin-low","tier":"Enterprise","env":"Staging","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Growth","env":"Development","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Growth","env":"Production","rpm":350,"rps":15},{"bucket":"keto-admin-low","tier":"Growth","env":"Staging","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Production","env":"Development","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Production","env":"Production","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Production","env":"Staging","rpm":175,"rps":8},{"bucket":"keto-admin-medium","tier":"Developer","env":"Development","rpm":125,"rps":6},{"bucket":"keto-admin-medium","tier":"Enterprise","env":"Development","rpm":250,"rps":11},{"bucket":"keto-admin-medium","tier":"Enterprise","env":"Production","rpm":2200,"rps":89},{"bucket":"keto-admin-medium","tier":"Enterprise","env":"Staging","rpm":250,"rps":11},{"bucket":"keto-admin-medium","tier":"Growth","env":"Development","rpm":250,"rps":11},{"bucket":"keto-admin-medium","tier":"Growth","env":"Production","rpm":1100,"rps":45},{"bucket":"keto-admin-medium","tier":"Growth","env":"Staging","rpm":250,"rps":11},{"bucket":"keto-admin-medium","tier":"Production","env":"Development","rpm":250,"rps":11},{"bucket":"keto-admin-medium","tier":"Production","env":"Production","rpm":550,"rps":23},{"bucket":"keto-admin-medium","tier":"Production","env":"Staging","rpm":250,"rps":11},{"bucket":"keto-public-high","tier":"Developer","env":"Development","rpm":250,"rps":11},{"bucket":"keto-public-high","tier":"Enterprise","env":"Development","rpm":500,"rps":21},{"bucket":"keto-public-high","tier":"Enterprise","env":"Production","rpm":7500,"rps":301},{"bucket":"keto-public-high","tier":"Enterprise","env":"Staging","rpm":500,"rps":21},{"bucket":"keto-public-high","tier":"Growth","env":"Development","rpm":500,"rps":21},{"bucket":"keto-public-high","tier":"Growth","env":"Production","rpm":2500,"rps":101},{"bucket":"keto-public-high","tier":"Growth","env":"Staging","rpm":500,"rps":21},{"bucket":"keto-public-high","tier":"Production","env":"Development","rpm":500,"rps":21},{"bucket":"keto-public-high","tier":"Production","env":"Production","rpm":750,"rps":31},{"bucket":"keto-public-high","tier":"Production","env":"Staging","rpm":500,"rps":21},{"bucket":"kratos-admin-high","tier":"Developer","env":"Development","rpm":40,"rps":5},{"bucket":"kratos-admin-high","tier":"Enterprise","env":"Development","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Enterprise","env":"Production","rpm":1000,"rps":41},{"bucket":"kratos-admin-high","tier":"Enterprise","env":"Staging","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Growth","env":"Development","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Growth","env":"Production","rpm":500,"rps":21},{"bucket":"kratos-admin-high","tier":"Growth","env":"Staging","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Production","env":"Development","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Production","env":"Production","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Production","env":"Staging","rpm":80,"rps":5},{"bucket":"kratos-admin-low","tier":"Developer","env":"Development","rpm":80,"rps":5},{"bucket":"kratos-admin-low","tier":"Enterprise","env":"Development","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Enterprise","env":"Production","rpm":850,"rps":35},{"bucket":"kratos-admin-low","tier":"Enterprise","env":"Staging","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Growth","env":"Development","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Growth","env":"Production","rpm":425,"rps":18},{"bucket":"kratos-admin-low","tier":"Growth","env":"Staging","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Production","env":"Development","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Production","env":"Production","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Production","env":"Staging","rpm":175,"rps":8},{"bucket":"kratos-admin-medium","tier":"Developer","env":"Development","rpm":25,"rps":5},{"bucket":"kratos-admin-medium","tier":"Enterprise","env":"Development","rpm":50,"rps":5},{"bucket":"kratos-admin-medium","tier":"Enterprise","env":"Production","rpm":400,"rps":17},{"bucket":"kratos-admin-medium","tier":"Enterprise","env":"Staging","rpm":50,"rps":5},{"bucket":"kratos-admin-medium","tier":"Growth","env":"Development","rpm":50,"rps":5},{"bucket":"kratos-admin-medium","tier":"Growth","env":"Production","rpm":200,"rps":9},{"bucket":"kratos-admin-medium","tier":"Growth","env":"Staging","rpm":50,"rps":5},{"bucket":"kratos-admin-medium","tier":"Production","env":"Development","rpm":50,"rps":5},{"bucket":"kratos-admin-medium","tier":"Production","env":"Production","rpm":90,"rps":5},{"bucket":"kratos-admin-medium","tier":"Production","env":"Staging","rpm":50,"rps":5},{"bucket":"kratos-public-high","tier":"Developer","env":"Development","rpm":450,"rps":19},{"bucket":"kratos-public-high","tier":"Enterprise","env":"Development","rpm":900,"rps":37},{"bucket":"kratos-public-high","tier":"Enterprise","env":"Production","rpm":15000,"rps":601},{"bucket":"kratos-public-high","tier":"Enterprise","env":"Staging","rpm":900,"rps":37},{"bucket":"kratos-public-high","tier":"Growth","env":"Development","rpm":900,"rps":37},{"bucket":"kratos-public-high","tier":"Growth","env":"Production","rpm":4500,"rps":181},{"bucket":"kratos-public-high","tier":"Growth","env":"Staging","rpm":900,"rps":37},{"bucket":"kratos-public-high","tier":"Production","env":"Development","rpm":900,"rps":37},{"bucket":"kratos-public-high","tier":"Production","env":"Production","rpm":1400,"rps":57},{"bucket":"kratos-public-high","tier":"Production","env":"Staging","rpm":900,"rps":37},{"bucket":"kratos-public-low","tier":"Developer","env":"Development","rpm":20,"rps":5},{"bucket":"kratos-public-low","tier":"Enterprise","env":"Development","rpm":40,"rps":5},{"bucket":"kratos-public-low","tier":"Enterprise","env":"Production","rpm":600,"rps":25},{"bucket":"kratos-public-low","tier":"Enterprise","env":"Staging","rpm":40,"rps":5},{"bucket":"kratos-public-low","tier":"Growth","env":"Development","rpm":40,"rps":5},{"bucket":"kratos-public-low","tier":"Growth","env":"Production","rpm":200,"rps":9},{"bucket":"kratos-public-low","tier":"Growth","env":"Staging","rpm":40,"rps":5},{"bucket":"kratos-public-low","tier":"Production","env":"Development","rpm":40,"rps":5},{"bucket":"kratos-public-low","tier":"Production","env":"Production","rpm":60,"rps":5},{"bucket":"kratos-public-low","tier":"Production","env":"Staging","rpm":40,"rps":5},{"bucket":"kratos-public-medium","tier":"Developer","env":"Development","rpm":100,"rps":5},{"bucket":"kratos-public-medium","tier":"Enterprise","env":"Development","rpm":200,"rps":9},{"bucket":"kratos-public-medium","tier":"Enterprise","env":"Production","rpm":3000,"rps":121},{"bucket":"kratos-public-medium","tier":"Enterprise","env":"Staging","rpm":200,"rps":9},{"bucket":"kratos-public-medium","tier":"Growth","env":"Development","rpm":200,"rps":9},{"bucket":"kratos-public-medium","tier":"Growth","env":"Production","rpm":1000,"rps":41},{"bucket":"kratos-public-medium","tier":"Growth","env":"Staging","rpm":200,"rps":9},{"bucket":"kratos-public-medium","tier":"Production","env":"Development","rpm":200,"rps":9},{"bucket":"kratos-public-medium","tier":"Production","env":"Production","rpm":325,"rps":14},{"bucket":"kratos-public-medium","tier":"Production","env":"Staging","rpm":200,"rps":9},{"bucket":"polis-public-high","tier":"Developer","env":"Development","rpm":15,"rps":5},{"bucket":"polis-public-high","tier":"Enterprise","env":"Development","rpm":30,"rps":5},{"bucket":"polis-public-high","tier":"Enterprise","env":"Production","rpm":450,"rps":19},{"bucket":"polis-public-high","tier":"Enterprise","env":"Staging","rpm":30,"rps":5},{"bucket":"polis-public-high","tier":"Growth","env":"Development","rpm":30,"rps":5},{"bucket":"polis-public-high","tier":"Growth","env":"Production","rpm":150,"rps":7},{"bucket":"polis-public-high","tier":"Growth","env":"Staging","rpm":30,"rps":5},{"bucket":"polis-public-high","tier":"Production","env":"Development","rpm":30,"rps":5},{"bucket":"polis-public-high","tier":"Production","env":"Production","rpm":45,"rps":5},{"bucket":"polis-public-high","tier":"Production","env":"Staging","rpm":30,"rps":5},{"bucket":"polis-public-medium","tier":"Developer","env":"Development","rpm":20,"rps":5},{"bucket":"polis-public-medium","tier":"Enterprise","env":"Development","rpm":40,"rps":5},{"bucket":"polis-public-medium","tier":"Enterprise","env":"Production","rpm":600,"rps":25},{"bucket":"polis-public-medium","tier":"Enterprise","env":"Staging","rpm":40,"rps":5},{"bucket":"polis-public-medium","tier":"Growth","env":"Development","rpm":40,"rps":5},{"bucket":"polis-public-medium","tier":"Growth","env":"Production","rpm":200,"rps":9},{"bucket":"polis-public-medium","tier":"Growth","env":"Staging","rpm":40,"rps":5},{"bucket":"polis-public-medium","tier":"Production","env":"Development","rpm":40,"rps":5},{"bucket":"polis-public-medium","tier":"Production","env":"Production","rpm":60,"rps":5},{"bucket":"polis-public-medium","tier":"Production","env":"Staging","rpm":40,"rps":5}]} \ No newline at end of file +{"endpoints":[{"method":"GET","path":"/.well-known/openid-configuration","bucket":"hydra-public-high"},{"method":"HEAD","path":"/.well-known/openid-configuration","bucket":"hydra-public-high"},{"method":"GET","path":"/.well-known/jwks.json","bucket":"hydra-public-high"},{"method":"GET","path":"/.well-known/ory/webauthn.js","bucket":"hydra-public-high"},{"method":"HEAD","path":"/oauth2/auth","bucket":"hydra-public-high"},{"method":"OPTIONS","path":"/oauth2/auth","bucket":"hydra-public-high"},{"method":"GET","path":"/oauth2/consent","bucket":"hydra-public-high"},{"method":"POST","path":"/oauth2/device/auth","bucket":"hydra-public-high"},{"method":"GET","path":"/oauth2/fallbacks/logout/callback","bucket":"hydra-public-high"},{"method":"OPTIONS","path":"/oauth2/token","bucket":"hydra-public-high"},{"method":"GET","path":"/admin/clients","bucket":"hydra-admin-medium"},{"method":"GET","path":"/admin/trust/grants/jwt-bearer/issuers","bucket":"hydra-admin-medium"},{"method":"POST","path":"/credentials","bucket":"hydra-admin-medium"},{"method":"GET","path":"/admin/keys/{set}","bucket":"hydra-admin-medium"},{"method":"GET","path":"/admin/keys/{set}/{kid}","bucket":"hydra-admin-medium"},{"method":"GET","path":"/admin/trust/grants/jwt-bearer/issuers/{id}","bucket":"hydra-admin-medium"},{"method":"POST","path":"/admin/clients","bucket":"hydra-admin-low"},{"method":"PUT","path":"/admin/clients/{id}/lifespans","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/oauth2/auth/sessions/consent","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/oauth2/auth/sessions/login","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/oauth2/tokens","bucket":"hydra-admin-low"},{"method":"POST","path":"/admin/trust/grants/jwt-bearer/issuers","bucket":"hydra-admin-low"},{"method":"PUT","path":"/admin/clients/{id}","bucket":"hydra-admin-low"},{"method":"PATCH","path":"/admin/clients/{id}","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/clients/{id}","bucket":"hydra-admin-low"},{"method":"POST","path":"/admin/keys/{set}","bucket":"hydra-admin-low"},{"method":"PUT","path":"/admin/keys/{set}","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/keys/{set}","bucket":"hydra-admin-low"},{"method":"PUT","path":"/admin/keys/{set}/{kid}","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/keys/{set}/{kid}","bucket":"hydra-admin-low"},{"method":"DELETE","path":"/admin/trust/grants/jwt-bearer/issuers/{id}","bucket":"hydra-admin-low"},{"method":"OPTIONS","path":"/admin/clients","bucket":"hydra-admin-high"},{"method":"GET","path":"/admin/oauth2/auth/requests/consent","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/consent/accept","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/consent/reject","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/device/accept","bucket":"hydra-admin-high"},{"method":"GET","path":"/admin/oauth2/auth/requests/login","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/login/accept","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/login/reject","bucket":"hydra-admin-high"},{"method":"GET","path":"/admin/oauth2/auth/requests/logout","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/logout/accept","bucket":"hydra-admin-high"},{"method":"PUT","path":"/admin/oauth2/auth/requests/logout/reject","bucket":"hydra-admin-high"},{"method":"GET","path":"/admin/oauth2/auth/sessions/consent","bucket":"hydra-admin-high"},{"method":"POST","path":"/admin/oauth2/introspect","bucket":"hydra-admin-high"},{"method":"GET","path":"/oauth2/device/verify","bucket":"hydra-admin-high"},{"method":"GET","path":"/admin/clients/{id}","bucket":"hydra-admin-high"},{"method":"OPTIONS","path":"/admin/clients/{id}","bucket":"hydra-admin-high"},{"method":"GET","path":"/oauth2/register/{id}","bucket":"hydra-admin-high"},{"method":"GET","path":"/oauth2/auth","bucket":"hydra-public-medium"},{"method":"POST","path":"/oauth2/auth","bucket":"hydra-public-medium"},{"method":"POST","path":"/oauth2/revoke","bucket":"hydra-public-medium"},{"method":"GET","path":"/oauth2/sessions/logout","bucket":"hydra-public-medium"},{"method":"POST","path":"/oauth2/sessions/logout","bucket":"hydra-public-medium"},{"method":"POST","path":"/oauth2/token","bucket":"hydra-public-medium"},{"method":"GET","path":"/userinfo","bucket":"hydra-public-medium"},{"method":"POST","path":"/oauth2/register","bucket":"hydra-public-low"},{"method":"PUT","path":"/oauth2/register/{id}","bucket":"hydra-public-low"},{"method":"DELETE","path":"/oauth2/register/{id}","bucket":"hydra-public-low"},{"method":"PUT","path":"/admin/relation-tuples","bucket":"keto-admin-low"},{"method":"PATCH","path":"/admin/relation-tuples","bucket":"keto-admin-low"},{"method":"DELETE","path":"/admin/relation-tuples","bucket":"keto-admin-low"},{"method":"GET","path":"/namespaces","bucket":"keto-admin-low"},{"method":"POST","path":"/ory.keto.relation_tuples.v1alpha2.WriteService/TransactRelationTuples","bucket":"keto-admin-low"},{"method":"POST","path":"/opl/syntax/check","bucket":"keto-admin-medium"},{"method":"GET","path":"/relation-tuples","bucket":"keto-admin-medium"},{"method":"GET","path":"/relation-tuples/expand","bucket":"keto-admin-medium"},{"method":"POST","path":"/ory.keto.relation_tuples.v1alpha2.CheckService/BatchCheck","bucket":"keto-public-high"},{"method":"POST","path":"/ory.keto.relation_tuples.v1alpha2.CheckService/Check","bucket":"keto-public-high"},{"method":"POST","path":"/relation-tuples/batch/check","bucket":"keto-public-high"},{"method":"GET","path":"/relation-tuples/check","bucket":"keto-public-high"},{"method":"POST","path":"/relation-tuples/check","bucket":"keto-public-high"},{"method":"GET","path":"/relation-tuples/check/openapi","bucket":"keto-public-high"},{"method":"POST","path":"/relation-tuples/check/openapi","bucket":"keto-public-high"},{"method":"GET","path":"/admin/courier/messages","bucket":"kratos-admin-low"},{"method":"POST","path":"/admin/identities","bucket":"kratos-admin-low"},{"method":"PATCH","path":"/admin/identities","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/admin/identities/{id}/sessions","bucket":"kratos-admin-low"},{"method":"POST","path":"/admin/recovery/code","bucket":"kratos-admin-low"},{"method":"POST","path":"/admin/recovery/link","bucket":"kratos-admin-low"},{"method":"PATCH","path":"/admin/sessions/{id}/extend","bucket":"kratos-admin-low"},{"method":"POST","path":"/scim/{name}/v2/Groups","bucket":"kratos-admin-low"},{"method":"POST","path":"/scim/{name}/v2/Users","bucket":"kratos-admin-low"},{"method":"PUT","path":"/admin/identities/{id}","bucket":"kratos-admin-low"},{"method":"PATCH","path":"/admin/identities/{id}","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/admin/identities/{id}","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/admin/identities/{id}/credentials/{type}","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/admin/sessions/{id}","bucket":"kratos-admin-low"},{"method":"OPTIONS","path":"/admin/sessions","bucket":"kratos-admin-low"},{"method":"POST","path":"/admin/sessions","bucket":"kratos-admin-low"},{"method":"PUT","path":"/scim/{name}/v2/Groups/{id}","bucket":"kratos-admin-low"},{"method":"PATCH","path":"/scim/{name}/v2/Groups/{id}","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/scim/{name}/v2/Groups/{id}","bucket":"kratos-admin-low"},{"method":"PUT","path":"/scim/{name}/v2/Users/{id}","bucket":"kratos-admin-low"},{"method":"PATCH","path":"/scim/{name}/v2/Users/{id}","bucket":"kratos-admin-low"},{"method":"DELETE","path":"/scim/{name}/v2/Users/{id}","bucket":"kratos-admin-low"},{"method":"GET","path":"/admin/identities","bucket":"kratos-admin-medium"},{"method":"GET","path":"/admin/identities/{id}/sessions","bucket":"kratos-admin-medium"},{"method":"GET","path":"/admin/sessions","bucket":"kratos-admin-medium"},{"method":"GET","path":"/schemas","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Groups","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Schemas","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/ServiceProviderConfig","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Users","bucket":"kratos-admin-medium"},{"method":"GET","path":"/admin/courier/messages/{id}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/admin/identities/by/external/{externalID}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/schemas/{id}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Groups/{id}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Schemas/{id}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/scim/{name}/v2/Users/{id}","bucket":"kratos-admin-medium"},{"method":"GET","path":"/.well-known/change-password","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/errors","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/fed-cm/parameters","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/fed-cm/parameters","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/fed-cm/token","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/login","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/login","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/login/browser","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/login/browser","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/login/flows","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/login/flows","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/logout","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/logout","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/logout/browser","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/methods/oidc/callback","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/recovery","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/recovery","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/recovery","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/recovery/browser","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/recovery/browser","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/recovery/flows","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/recovery/flows","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/registration","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/registration","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/registration/browser","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/registration/browser","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/registration/flows","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/settings","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/settings","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/settings/flows","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/verification","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/verification","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/verification","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/verification/browser","bucket":"kratos-public-high"},{"method":"GET","path":"/self-service/verification/flows","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/self-service/verification/flows","bucket":"kratos-public-high"},{"method":"OPTIONS","path":"/sessions","bucket":"kratos-public-high"},{"method":"GET","path":"/sessions/whoami","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/methods/oidc/callback/{id}","bucket":"kratos-public-high"},{"method":"HEAD","path":"/self-service/methods/oidc/callback/{name}","bucket":"kratos-public-high"},{"method":"POST","path":"/self-service/fed-cm/token","bucket":"kratos-public-low"},{"method":"POST","path":"/self-service/login","bucket":"kratos-public-low"},{"method":"POST","path":"/self-service/recovery","bucket":"kratos-public-low"},{"method":"POST","path":"/self-service/registration","bucket":"kratos-public-low"},{"method":"POST","path":"/self-service/settings","bucket":"kratos-public-low"},{"method":"POST","path":"/self-service/verification","bucket":"kratos-public-low"},{"method":"DELETE","path":"/sessions","bucket":"kratos-public-low"},{"method":"DELETE","path":"/sessions/{id}","bucket":"kratos-public-low"},{"method":"GET","path":"/self-service/login/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/login/browser","bucket":"kratos-public-medium"},{"method":"POST","path":"/self-service/login/browser","bucket":"kratos-public-medium"},{"method":"DELETE","path":"/self-service/logout/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/logout/browser","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/recovery/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/recovery/browser","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/registration/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/registration/browser","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/settings/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/settings/browser","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/verification/api","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/verification/browser","bucket":"kratos-public-medium"},{"method":"GET","path":"/sessions","bucket":"kratos-public-medium"},{"method":"GET","path":"/sessions/token-exchange","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/methods/oidc/callback/{id}","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/methods/oidc/callback/{name}","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/methods/oidc/organizations/{id}","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/methods/saml/callback/{name}","bucket":"kratos-public-medium"},{"method":"GET","path":"/self-service/methods/saml/organizations/{id}","bucket":"kratos-public-medium"},{"method":"GET","path":"/admin/identities/{id}","bucket":"kratos-admin-high"},{"method":"OPTIONS","path":"/admin/identities/{id}","bucket":"kratos-admin-high"},{"method":"GET","path":"/admin/sessions/{id}","bucket":"kratos-admin-high"},{"method":"GET","path":"/api/v1/dsync","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/events","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/groups","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/product","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/setuplinks","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/setuplinks/product","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/users","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/identity-federation","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/identity-federation/product","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/sso","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/sso/product","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/sso-traces","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/sso-traces/product","bucket":"polis-public-high"},{"method":"GET","path":"/oauth/userinfo","bucket":"polis-public-high"},{"method":"GET","path":"/saml/.well-known/idp-metadata","bucket":"polis-public-high"},{"method":"GET","path":"/saml/.well-known/sp-metadata","bucket":"polis-public-high"},{"method":"GET","path":"/saml/.well-known/saml.cer","bucket":"polis-public-high"},{"method":"GET","path":"/saml/api/error","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/groups/{groupId}","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/groups/{groupId}/members","bucket":"polis-public-high"},{"method":"GET","path":"/api/v1/dsync/users/{userId}","bucket":"polis-public-high"},{"method":"DELETE","path":"/api/v1/dsync/setuplinks","bucket":"polis-public-medium"},{"method":"DELETE","path":"/api/v1/identity-federation","bucket":"polis-public-medium"},{"method":"DELETE","path":"/api/v1/sso","bucket":"polis-public-medium"},{"method":"PATCH","path":"/api/v1/identity-federation","bucket":"polis-public-medium"},{"method":"PATCH","path":"/api/v1/sso","bucket":"polis-public-medium"},{"method":"POST","path":"/api/v1/dsync","bucket":"polis-public-medium"},{"method":"POST","path":"/api/v1/dsync/setuplinks","bucket":"polis-public-medium"},{"method":"POST","path":"/api/v1/identity-federation","bucket":"polis-public-medium"},{"method":"POST","path":"/api/v1/sso","bucket":"polis-public-medium"},{"method":"POST","path":"/oauth/token","bucket":"polis-public-medium"},{"method":"GET","path":"/saml/api/identity-federation/sso","bucket":"polis-public-medium"},{"method":"POST","path":"/saml/api/identity-federation/sso","bucket":"polis-public-medium"},{"method":"GET","path":"/saml/api/oauth/authorize","bucket":"polis-public-medium"},{"method":"POST","path":"/saml/api/oauth/authorize","bucket":"polis-public-medium"},{"method":"GET","path":"/saml/api/oauth/oidc","bucket":"polis-public-medium"},{"method":"POST","path":"/saml/api/oauth/saml","bucket":"polis-public-medium"},{"method":"PATCH","path":"/api/v1/dsync/{directoryId}","bucket":"polis-public-medium"},{"method":"POST","path":"/v2alpha1/admin/issuedApiKeys","bucket":"talos-admin-low"},{"method":"PATCH","path":"/v2alpha1/admin/issuedApiKeys/{name}","bucket":"talos-admin-low"},{"method":"POST","path":"/v2alpha1/admin/issuedApiKeys/{name}:rotate","bucket":"talos-admin-low"},{"method":"POST","path":"/v2alpha1/admin/importedApiKeys","bucket":"talos-admin-low"},{"method":"POST","path":"/v2alpha1/admin/importedApiKeys:batchImport","bucket":"talos-admin-low"},{"method":"PATCH","path":"/v2alpha1/admin/importedApiKeys/{name}","bucket":"talos-admin-low"},{"method":"DELETE","path":"/v2alpha1/admin/importedApiKeys/{name}","bucket":"talos-admin-low"},{"method":"POST","path":"/v2alpha1/admin/apiKeys/{name}:revoke","bucket":"talos-admin-low"},{"method":"POST","path":"/v2alpha1/admin/apiKeys:derive","bucket":"talos-admin-medium"},{"method":"GET","path":"/v2alpha1/admin/issuedApiKeys","bucket":"talos-admin-medium"},{"method":"GET","path":"/v2alpha1/admin/issuedApiKeys/{name}","bucket":"talos-admin-medium"},{"method":"GET","path":"/v2alpha1/admin/importedApiKeys","bucket":"talos-admin-medium"},{"method":"GET","path":"/v2alpha1/admin/importedApiKeys/{name}","bucket":"talos-admin-medium"},{"method":"POST","path":"/v2alpha1/admin/apiKeys:verify","bucket":"talos-admin-high"},{"method":"POST","path":"/v2alpha1/admin/apiKeys:batchVerify","bucket":"talos-admin-high"},{"method":"POST","path":"/v2alpha1/apiKeys:selfRevoke","bucket":"talos-public-low"},{"method":"GET","path":"/v2alpha1/derivedKeys/jwks.json","bucket":"talos-public-high"}],"thresholds":[{"bucket":"hydra-admin-high","tier":"Developer","env":"Development","rpm":80,"rps":5},{"bucket":"hydra-admin-high","tier":"Enterprise","env":"Development","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Enterprise","env":"Production","rpm":8750,"rps":351},{"bucket":"hydra-admin-high","tier":"Enterprise","env":"Staging","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Growth","env":"Development","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Growth","env":"Production","rpm":4300,"rps":173},{"bucket":"hydra-admin-high","tier":"Growth","env":"Staging","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Production","env":"Development","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Production","env":"Production","rpm":175,"rps":8},{"bucket":"hydra-admin-high","tier":"Production","env":"Staging","rpm":175,"rps":8},{"bucket":"hydra-admin-low","tier":"Developer","env":"Development","rpm":15,"rps":5},{"bucket":"hydra-admin-low","tier":"Enterprise","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-low","tier":"Enterprise","env":"Production","rpm":700,"rps":29},{"bucket":"hydra-admin-low","tier":"Enterprise","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-admin-low","tier":"Growth","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-low","tier":"Growth","env":"Production","rpm":350,"rps":15},{"bucket":"hydra-admin-low","tier":"Growth","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-admin-low","tier":"Production","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-low","tier":"Production","env":"Production","rpm":35,"rps":5},{"bucket":"hydra-admin-low","tier":"Production","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Developer","env":"Development","rpm":15,"rps":5},{"bucket":"hydra-admin-medium","tier":"Enterprise","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Enterprise","env":"Production","rpm":125,"rps":6},{"bucket":"hydra-admin-medium","tier":"Enterprise","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Growth","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Growth","env":"Production","rpm":60,"rps":5},{"bucket":"hydra-admin-medium","tier":"Growth","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Production","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Production","env":"Production","rpm":30,"rps":5},{"bucket":"hydra-admin-medium","tier":"Production","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-public-high","tier":"Developer","env":"Development","rpm":70,"rps":5},{"bucket":"hydra-public-high","tier":"Enterprise","env":"Development","rpm":150,"rps":7},{"bucket":"hydra-public-high","tier":"Enterprise","env":"Production","rpm":2100,"rps":85},{"bucket":"hydra-public-high","tier":"Enterprise","env":"Staging","rpm":150,"rps":7},{"bucket":"hydra-public-high","tier":"Growth","env":"Development","rpm":150,"rps":7},{"bucket":"hydra-public-high","tier":"Growth","env":"Production","rpm":700,"rps":29},{"bucket":"hydra-public-high","tier":"Growth","env":"Staging","rpm":150,"rps":7},{"bucket":"hydra-public-high","tier":"Production","env":"Development","rpm":150,"rps":7},{"bucket":"hydra-public-high","tier":"Production","env":"Production","rpm":225,"rps":10},{"bucket":"hydra-public-high","tier":"Production","env":"Staging","rpm":150,"rps":7},{"bucket":"hydra-public-low","tier":"Developer","env":"Development","rpm":15,"rps":5},{"bucket":"hydra-public-low","tier":"Enterprise","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-public-low","tier":"Enterprise","env":"Production","rpm":450,"rps":19},{"bucket":"hydra-public-low","tier":"Enterprise","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-public-low","tier":"Growth","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-public-low","tier":"Growth","env":"Production","rpm":150,"rps":7},{"bucket":"hydra-public-low","tier":"Growth","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-public-low","tier":"Production","env":"Development","rpm":30,"rps":5},{"bucket":"hydra-public-low","tier":"Production","env":"Production","rpm":45,"rps":5},{"bucket":"hydra-public-low","tier":"Production","env":"Staging","rpm":30,"rps":5},{"bucket":"hydra-public-medium","tier":"Developer","env":"Development","rpm":125,"rps":6},{"bucket":"hydra-public-medium","tier":"Enterprise","env":"Development","rpm":250,"rps":11},{"bucket":"hydra-public-medium","tier":"Enterprise","env":"Production","rpm":3600,"rps":145},{"bucket":"hydra-public-medium","tier":"Enterprise","env":"Staging","rpm":250,"rps":11},{"bucket":"hydra-public-medium","tier":"Growth","env":"Development","rpm":250,"rps":11},{"bucket":"hydra-public-medium","tier":"Growth","env":"Production","rpm":1200,"rps":49},{"bucket":"hydra-public-medium","tier":"Growth","env":"Staging","rpm":250,"rps":11},{"bucket":"hydra-public-medium","tier":"Production","env":"Development","rpm":250,"rps":11},{"bucket":"hydra-public-medium","tier":"Production","env":"Production","rpm":375,"rps":16},{"bucket":"hydra-public-medium","tier":"Production","env":"Staging","rpm":250,"rps":11},{"bucket":"keto-admin-low","tier":"Developer","env":"Development","rpm":80,"rps":5},{"bucket":"keto-admin-low","tier":"Enterprise","env":"Development","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Enterprise","env":"Production","rpm":700,"rps":29},{"bucket":"keto-admin-low","tier":"Enterprise","env":"Staging","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Growth","env":"Development","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Growth","env":"Production","rpm":350,"rps":15},{"bucket":"keto-admin-low","tier":"Growth","env":"Staging","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Production","env":"Development","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Production","env":"Production","rpm":175,"rps":8},{"bucket":"keto-admin-low","tier":"Production","env":"Staging","rpm":175,"rps":8},{"bucket":"keto-admin-medium","tier":"Developer","env":"Development","rpm":125,"rps":6},{"bucket":"keto-admin-medium","tier":"Enterprise","env":"Development","rpm":250,"rps":11},{"bucket":"keto-admin-medium","tier":"Enterprise","env":"Production","rpm":2200,"rps":89},{"bucket":"keto-admin-medium","tier":"Enterprise","env":"Staging","rpm":250,"rps":11},{"bucket":"keto-admin-medium","tier":"Growth","env":"Development","rpm":250,"rps":11},{"bucket":"keto-admin-medium","tier":"Growth","env":"Production","rpm":1100,"rps":45},{"bucket":"keto-admin-medium","tier":"Growth","env":"Staging","rpm":250,"rps":11},{"bucket":"keto-admin-medium","tier":"Production","env":"Development","rpm":250,"rps":11},{"bucket":"keto-admin-medium","tier":"Production","env":"Production","rpm":550,"rps":23},{"bucket":"keto-admin-medium","tier":"Production","env":"Staging","rpm":250,"rps":11},{"bucket":"keto-public-high","tier":"Developer","env":"Development","rpm":250,"rps":11},{"bucket":"keto-public-high","tier":"Enterprise","env":"Development","rpm":500,"rps":21},{"bucket":"keto-public-high","tier":"Enterprise","env":"Production","rpm":7500,"rps":301},{"bucket":"keto-public-high","tier":"Enterprise","env":"Staging","rpm":500,"rps":21},{"bucket":"keto-public-high","tier":"Growth","env":"Development","rpm":500,"rps":21},{"bucket":"keto-public-high","tier":"Growth","env":"Production","rpm":2500,"rps":101},{"bucket":"keto-public-high","tier":"Growth","env":"Staging","rpm":500,"rps":21},{"bucket":"keto-public-high","tier":"Production","env":"Development","rpm":500,"rps":21},{"bucket":"keto-public-high","tier":"Production","env":"Production","rpm":750,"rps":31},{"bucket":"keto-public-high","tier":"Production","env":"Staging","rpm":500,"rps":21},{"bucket":"kratos-admin-high","tier":"Developer","env":"Development","rpm":40,"rps":5},{"bucket":"kratos-admin-high","tier":"Enterprise","env":"Development","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Enterprise","env":"Production","rpm":1100,"rps":45},{"bucket":"kratos-admin-high","tier":"Enterprise","env":"Staging","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Growth","env":"Development","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Growth","env":"Production","rpm":550,"rps":23},{"bucket":"kratos-admin-high","tier":"Growth","env":"Staging","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Production","env":"Development","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Production","env":"Production","rpm":80,"rps":5},{"bucket":"kratos-admin-high","tier":"Production","env":"Staging","rpm":80,"rps":5},{"bucket":"kratos-admin-low","tier":"Developer","env":"Development","rpm":80,"rps":5},{"bucket":"kratos-admin-low","tier":"Enterprise","env":"Development","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Enterprise","env":"Production","rpm":850,"rps":35},{"bucket":"kratos-admin-low","tier":"Enterprise","env":"Staging","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Growth","env":"Development","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Growth","env":"Production","rpm":425,"rps":18},{"bucket":"kratos-admin-low","tier":"Growth","env":"Staging","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Production","env":"Development","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Production","env":"Production","rpm":175,"rps":8},{"bucket":"kratos-admin-low","tier":"Production","env":"Staging","rpm":175,"rps":8},{"bucket":"kratos-admin-medium","tier":"Developer","env":"Development","rpm":25,"rps":5},{"bucket":"kratos-admin-medium","tier":"Enterprise","env":"Development","rpm":60,"rps":5},{"bucket":"kratos-admin-medium","tier":"Enterprise","env":"Production","rpm":400,"rps":17},{"bucket":"kratos-admin-medium","tier":"Enterprise","env":"Staging","rpm":60,"rps":5},{"bucket":"kratos-admin-medium","tier":"Growth","env":"Development","rpm":60,"rps":5},{"bucket":"kratos-admin-medium","tier":"Growth","env":"Production","rpm":200,"rps":9},{"bucket":"kratos-admin-medium","tier":"Growth","env":"Staging","rpm":60,"rps":5},{"bucket":"kratos-admin-medium","tier":"Production","env":"Development","rpm":60,"rps":5},{"bucket":"kratos-admin-medium","tier":"Production","env":"Production","rpm":90,"rps":5},{"bucket":"kratos-admin-medium","tier":"Production","env":"Staging","rpm":60,"rps":5},{"bucket":"kratos-public-high","tier":"Developer","env":"Development","rpm":450,"rps":19},{"bucket":"kratos-public-high","tier":"Enterprise","env":"Development","rpm":950,"rps":39},{"bucket":"kratos-public-high","tier":"Enterprise","env":"Production","rpm":15000,"rps":601},{"bucket":"kratos-public-high","tier":"Enterprise","env":"Staging","rpm":950,"rps":39},{"bucket":"kratos-public-high","tier":"Growth","env":"Development","rpm":950,"rps":39},{"bucket":"kratos-public-high","tier":"Growth","env":"Production","rpm":4500,"rps":181},{"bucket":"kratos-public-high","tier":"Growth","env":"Staging","rpm":950,"rps":39},{"bucket":"kratos-public-high","tier":"Production","env":"Development","rpm":950,"rps":39},{"bucket":"kratos-public-high","tier":"Production","env":"Production","rpm":1400,"rps":57},{"bucket":"kratos-public-high","tier":"Production","env":"Staging","rpm":950,"rps":39},{"bucket":"kratos-public-low","tier":"Developer","env":"Development","rpm":20,"rps":5},{"bucket":"kratos-public-low","tier":"Enterprise","env":"Development","rpm":40,"rps":5},{"bucket":"kratos-public-low","tier":"Enterprise","env":"Production","rpm":600,"rps":25},{"bucket":"kratos-public-low","tier":"Enterprise","env":"Staging","rpm":40,"rps":5},{"bucket":"kratos-public-low","tier":"Growth","env":"Development","rpm":40,"rps":5},{"bucket":"kratos-public-low","tier":"Growth","env":"Production","rpm":200,"rps":9},{"bucket":"kratos-public-low","tier":"Growth","env":"Staging","rpm":40,"rps":5},{"bucket":"kratos-public-low","tier":"Production","env":"Development","rpm":40,"rps":5},{"bucket":"kratos-public-low","tier":"Production","env":"Production","rpm":60,"rps":5},{"bucket":"kratos-public-low","tier":"Production","env":"Staging","rpm":40,"rps":5},{"bucket":"kratos-public-medium","tier":"Developer","env":"Development","rpm":100,"rps":5},{"bucket":"kratos-public-medium","tier":"Enterprise","env":"Development","rpm":200,"rps":9},{"bucket":"kratos-public-medium","tier":"Enterprise","env":"Production","rpm":3000,"rps":121},{"bucket":"kratos-public-medium","tier":"Enterprise","env":"Staging","rpm":200,"rps":9},{"bucket":"kratos-public-medium","tier":"Growth","env":"Development","rpm":200,"rps":9},{"bucket":"kratos-public-medium","tier":"Growth","env":"Production","rpm":1000,"rps":41},{"bucket":"kratos-public-medium","tier":"Growth","env":"Staging","rpm":200,"rps":9},{"bucket":"kratos-public-medium","tier":"Production","env":"Development","rpm":200,"rps":9},{"bucket":"kratos-public-medium","tier":"Production","env":"Production","rpm":325,"rps":14},{"bucket":"kratos-public-medium","tier":"Production","env":"Staging","rpm":200,"rps":9},{"bucket":"polis-public-high","tier":"Developer","env":"Development","rpm":15,"rps":5},{"bucket":"polis-public-high","tier":"Enterprise","env":"Development","rpm":30,"rps":5},{"bucket":"polis-public-high","tier":"Enterprise","env":"Production","rpm":450,"rps":19},{"bucket":"polis-public-high","tier":"Enterprise","env":"Staging","rpm":30,"rps":5},{"bucket":"polis-public-high","tier":"Growth","env":"Development","rpm":30,"rps":5},{"bucket":"polis-public-high","tier":"Growth","env":"Production","rpm":150,"rps":7},{"bucket":"polis-public-high","tier":"Growth","env":"Staging","rpm":30,"rps":5},{"bucket":"polis-public-high","tier":"Production","env":"Development","rpm":30,"rps":5},{"bucket":"polis-public-high","tier":"Production","env":"Production","rpm":45,"rps":5},{"bucket":"polis-public-high","tier":"Production","env":"Staging","rpm":30,"rps":5},{"bucket":"polis-public-medium","tier":"Developer","env":"Development","rpm":20,"rps":5},{"bucket":"polis-public-medium","tier":"Enterprise","env":"Development","rpm":40,"rps":5},{"bucket":"polis-public-medium","tier":"Enterprise","env":"Production","rpm":600,"rps":25},{"bucket":"polis-public-medium","tier":"Enterprise","env":"Staging","rpm":40,"rps":5},{"bucket":"polis-public-medium","tier":"Growth","env":"Development","rpm":40,"rps":5},{"bucket":"polis-public-medium","tier":"Growth","env":"Production","rpm":200,"rps":9},{"bucket":"polis-public-medium","tier":"Growth","env":"Staging","rpm":40,"rps":5},{"bucket":"polis-public-medium","tier":"Production","env":"Development","rpm":40,"rps":5},{"bucket":"polis-public-medium","tier":"Production","env":"Production","rpm":60,"rps":5},{"bucket":"polis-public-medium","tier":"Production","env":"Staging","rpm":40,"rps":5},{"bucket":"talos-admin-high","tier":"Developer","env":"Development","rpm":80,"rps":5},{"bucket":"talos-admin-high","tier":"Enterprise","env":"Development","rpm":175,"rps":8},{"bucket":"talos-admin-high","tier":"Enterprise","env":"Production","rpm":2500,"rps":101},{"bucket":"talos-admin-high","tier":"Enterprise","env":"Staging","rpm":175,"rps":8},{"bucket":"talos-admin-high","tier":"Growth","env":"Development","rpm":175,"rps":8},{"bucket":"talos-admin-high","tier":"Growth","env":"Production","rpm":1000,"rps":41},{"bucket":"talos-admin-high","tier":"Growth","env":"Staging","rpm":175,"rps":8},{"bucket":"talos-admin-high","tier":"Production","env":"Development","rpm":175,"rps":8},{"bucket":"talos-admin-high","tier":"Production","env":"Production","rpm":250,"rps":11},{"bucket":"talos-admin-high","tier":"Production","env":"Staging","rpm":175,"rps":8},{"bucket":"talos-admin-low","tier":"Developer","env":"Development","rpm":15,"rps":5},{"bucket":"talos-admin-low","tier":"Enterprise","env":"Development","rpm":30,"rps":5},{"bucket":"talos-admin-low","tier":"Enterprise","env":"Production","rpm":200,"rps":9},{"bucket":"talos-admin-low","tier":"Enterprise","env":"Staging","rpm":30,"rps":5},{"bucket":"talos-admin-low","tier":"Growth","env":"Development","rpm":30,"rps":5},{"bucket":"talos-admin-low","tier":"Growth","env":"Production","rpm":100,"rps":5},{"bucket":"talos-admin-low","tier":"Growth","env":"Staging","rpm":30,"rps":5},{"bucket":"talos-admin-low","tier":"Production","env":"Development","rpm":30,"rps":5},{"bucket":"talos-admin-low","tier":"Production","env":"Production","rpm":35,"rps":5},{"bucket":"talos-admin-low","tier":"Production","env":"Staging","rpm":30,"rps":5},{"bucket":"talos-admin-medium","tier":"Developer","env":"Development","rpm":30,"rps":5},{"bucket":"talos-admin-medium","tier":"Enterprise","env":"Development","rpm":60,"rps":5},{"bucket":"talos-admin-medium","tier":"Enterprise","env":"Production","rpm":500,"rps":21},{"bucket":"talos-admin-medium","tier":"Enterprise","env":"Staging","rpm":60,"rps":5},{"bucket":"talos-admin-medium","tier":"Growth","env":"Development","rpm":60,"rps":5},{"bucket":"talos-admin-medium","tier":"Growth","env":"Production","rpm":250,"rps":11},{"bucket":"talos-admin-medium","tier":"Growth","env":"Staging","rpm":60,"rps":5},{"bucket":"talos-admin-medium","tier":"Production","env":"Development","rpm":60,"rps":5},{"bucket":"talos-admin-medium","tier":"Production","env":"Production","rpm":90,"rps":5},{"bucket":"talos-admin-medium","tier":"Production","env":"Staging","rpm":60,"rps":5},{"bucket":"talos-public-high","tier":"Developer","env":"Development","rpm":60,"rps":5},{"bucket":"talos-public-high","tier":"Enterprise","env":"Development","rpm":125,"rps":6},{"bucket":"talos-public-high","tier":"Enterprise","env":"Production","rpm":850,"rps":35},{"bucket":"talos-public-high","tier":"Enterprise","env":"Staging","rpm":125,"rps":6},{"bucket":"talos-public-high","tier":"Growth","env":"Development","rpm":125,"rps":6},{"bucket":"talos-public-high","tier":"Growth","env":"Production","rpm":400,"rps":17},{"bucket":"talos-public-high","tier":"Growth","env":"Staging","rpm":125,"rps":6},{"bucket":"talos-public-high","tier":"Production","env":"Development","rpm":125,"rps":6},{"bucket":"talos-public-high","tier":"Production","env":"Production","rpm":200,"rps":9},{"bucket":"talos-public-high","tier":"Production","env":"Staging","rpm":125,"rps":6},{"bucket":"talos-public-low","tier":"Developer","env":"Development","rpm":15,"rps":5},{"bucket":"talos-public-low","tier":"Enterprise","env":"Development","rpm":30,"rps":5},{"bucket":"talos-public-low","tier":"Enterprise","env":"Production","rpm":200,"rps":9},{"bucket":"talos-public-low","tier":"Enterprise","env":"Staging","rpm":30,"rps":5},{"bucket":"talos-public-low","tier":"Growth","env":"Development","rpm":30,"rps":5},{"bucket":"talos-public-low","tier":"Growth","env":"Production","rpm":100,"rps":5},{"bucket":"talos-public-low","tier":"Growth","env":"Staging","rpm":30,"rps":5},{"bucket":"talos-public-low","tier":"Production","env":"Development","rpm":30,"rps":5},{"bucket":"talos-public-low","tier":"Production","env":"Production","rpm":45,"rps":5},{"bucket":"talos-public-low","tier":"Production","env":"Staging","rpm":30,"rps":5}]} \ No newline at end of file From b565b0eebdbefc5627748e882fab5b1ac2b1b890 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 23 Jun 2026 11:23:34 +0000 Subject: [PATCH 5/8] docs: bump to 9073260639be9811f21421e46d20948cb5a2952f --- docs/reference/api.json | 111 +++++++++++++++++++++++++++++++++++----- 1 file changed, 99 insertions(+), 12 deletions(-) diff --git a/docs/reference/api.json b/docs/reference/api.json index 54e5f17a7..d608710a8 100644 --- a/docs/reference/api.json +++ b/docs/reference/api.json @@ -3856,18 +3856,6 @@ "required": ["id", "email", "name", "email_verified"], "type": "object" }, - "consistencyRequestParameters": { - "description": "Control API consistency guarantees", - "properties": { - "consistency": { - "description": "Read Consistency Level (preview)\n\nThe read consistency level determines the consistency guarantee for reads:\n\nstrong (slow): The read is guaranteed to return the most recent data committed at the start of the read.\neventual (very fast): The result will return data that is about 4.8 seconds old.\n\nThe default consistency guarantee can be changed in the Ory Network Console or using the Ory CLI with\n`ory patch project --replace '/previews/default_read_consistency_level=\"strong\"'`.\n\nSetting the default consistency level to `eventual` may cause regressions in the future as we add consistency\ncontrols to more APIs. Currently, the following APIs will be affected by this setting:\n\n`GET /admin/identities`\n\nThis feature is in preview and only available in Ory Network.\n ConsistencyLevelUnset ConsistencyLevelUnset is the unset / default consistency level.\nstrong ConsistencyLevelStrong ConsistencyLevelStrong is the strong consistency level.\neventual ConsistencyLevelEventual ConsistencyLevelEventual is the eventual consistency level using follower read timestamps.", - "enum": ["", "strong", "eventual"], - "type": "string", - "x-go-enum-desc": " ConsistencyLevelUnset ConsistencyLevelUnset is the unset / default consistency level.\nstrong ConsistencyLevelStrong ConsistencyLevelStrong is the strong consistency level.\neventual ConsistencyLevelEventual ConsistencyLevelEventual is the eventual consistency level using follower read timestamps." - } - }, - "type": "object" - }, "continueWith": { "discriminator": { "mapping": { @@ -12713,6 +12701,7 @@ "discriminator": { "mapping": { "code": "#/components/schemas/updateLoginFlowWithCodeMethod", + "deviceauthn": "#/components/schemas/updateLoginFlowWithDeviceAuthnMethod", "identifier_first": "#/components/schemas/updateLoginFlowWithIdentifierFirstMethod", "lookup_secret": "#/components/schemas/updateLoginFlowWithLookupSecretMethod", "oidc": "#/components/schemas/updateLoginFlowWithOidcMethod", @@ -12740,6 +12729,9 @@ { "$ref": "#/components/schemas/updateLoginFlowWithWebAuthnMethod" }, + { + "$ref": "#/components/schemas/updateLoginFlowWithDeviceAuthnMethod" + }, { "$ref": "#/components/schemas/updateLoginFlowWithLookupSecretMethod" }, @@ -12789,6 +12781,31 @@ "required": ["method", "csrf_token"], "type": "object" }, + "updateLoginFlowWithDeviceAuthnMethod": { + "description": "No CSRF token since this method may not be used from the browser.", + "properties": { + "client_key_id": { + "description": "Login with a DeviceAuthn Security Key.\n\nThis must contain the client ID of the DeviceAuthN key,\na.k.a 'key alias' on Android and 'key id' on iOS.", + "type": "string" + }, + "method": { + "description": "Method should be set to \"deviceauthn\" when logging in using the DeviceAuthn strategy.", + "type": "string" + }, + "signature": { + "description": "Signature is a ES256 signature of the server-provided challenge.", + "format": "byte", + "type": "string" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": ["method"], + "title": "Update Login Flow with DeviceAuthn Method", + "type": "object" + }, "updateLoginFlowWithIdentifierFirstMethod": { "description": "Update Login Flow with Multi-Step Method", "properties": { @@ -13351,6 +13368,7 @@ "description": "Update Settings Flow Request Body", "discriminator": { "mapping": { + "deviceauthn": "#/components/schemas/updateSettingsFlowWithDeviceAuthnMethod", "lookup_secret": "#/components/schemas/updateSettingsFlowWithLookupMethod", "oidc": "#/components/schemas/updateSettingsFlowWithOidcMethod", "passkey": "#/components/schemas/updateSettingsFlowWithPasskeyMethod", @@ -13386,9 +13404,78 @@ }, { "$ref": "#/components/schemas/updateSettingsFlowWithPasskeyMethod" + }, + { + "$ref": "#/components/schemas/updateSettingsFlowWithDeviceAuthnMethod" } ] }, + "updateSettingsFlowWithDeviceAuthnMethod": { + "description": "Update Settings Flow with DeviceAuthn Method", + "properties": { + "add": { + "$ref": "#/components/schemas/updateSettingsFlowWithDeviceAuthnMethodAdd" + }, + "csrf_token": { + "description": "CSRFToken is the anti-CSRF token\nIt only is required to remove a key from the browser.", + "type": "string" + }, + "delete": { + "$ref": "#/components/schemas/updateSettingsFlowWithDeviceAuthnMethodDelete" + }, + "method": { + "description": "Method\n\nShould be set to \"deviceauthn\" when trying to add or remove a DeviceAuthn key.", + "type": "string" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": ["method"], + "type": "object" + }, + "updateSettingsFlowWithDeviceAuthnMethodAdd": { + "properties": { + "attestation_ios": { + "format": "byte", + "type": "string" + }, + "certificate_chain_android": { + "description": "CertificateChainAndroid is a list of base64 strings for creating a key on Android.\nEach element is a certificate.\nThe first element is the leaf, corresponding to the on-device key, the last is the root (Google CA).", + "items": { + "format": "byte", + "type": "string" + }, + "type": "array" + }, + "client_key_id": { + "description": "ClientKeyID is the key id/alias on the device.", + "type": "string" + }, + "device_name": { + "description": "DeviceName is a human-readable name for the device e.g. 'My work phone'.", + "type": "string" + }, + "version": { + "description": "Version is the version number for the cryptography.\nFor now only `1` is supported which corresponds to SHA256 + EC.", + "format": "int64", + "type": "integer" + } + }, + "required": ["device_name", "client_key_id"], + "type": "object" + }, + "updateSettingsFlowWithDeviceAuthnMethodDelete": { + "properties": { + "client_key_id": { + "description": "ClientKeyID is the key id/alias on the device.", + "type": "string" + } + }, + "required": ["client_key_id"], + "type": "object" + }, "updateSettingsFlowWithLookupMethod": { "description": "Update Settings Flow with Lookup Method", "properties": { From 9b00f211f06e02190ba31cf124ba64448fc2551e Mon Sep 17 00:00:00 2001 From: unatasha8 Date: Tue, 23 Jun 2026 08:11:42 -0700 Subject: [PATCH 6/8] docs: set redirects to premanent = true (#2635) * docs: set redirects to premanent = true * docs: split /keto/docs/(|v0.5/):engine redirect into 2 redirects * feat: ory network cta for oss only (#2634) * feat: Ory Network CTA for OSS deployment only * refactor: simplify image source handling in OryNetworkCta component * docs: bump to 79e05a2469a39381d507936e72baed37b8300afc * docs: bump to 79e05a2469a39381d507936e72baed37b8300afc * feat: improve actions ux docs (#2615) * feat: improve actions ux docs * feat: apply suggestion remove bold * feat: apply suggestion on for one * docs: move talos redirects to vercel file * docs: ran make format * docs: changed to true * chore(docs): update of OEL images (#2637) * docs: deviceauthn relaxed attestation (#2630) --------- Co-authored-by: Wassim Bougarfa <12980387+wassimoo@users.noreply.github.com> Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com> Co-authored-by: Michelle Sagnelli Co-authored-by: ory-bot <60093411+ory-bot@users.noreply.github.com> Co-authored-by: Pierre Caillaud <93587351+pcaillaudm@users.noreply.github.com> --- vercel.json | 653 ++++++++++++++++++++++++++-------------------------- 1 file changed, 329 insertions(+), 324 deletions(-) diff --git a/vercel.json b/vercel.json index 3f142c2ce..9a18f2b1c 100644 --- a/vercel.json +++ b/vercel.json @@ -8,17 +8,17 @@ { "source": "/", "destination": "/docs", - "permanent": false + "permanent": true }, { "source": "/docs(/|)", "destination": "/docs/welcome", - "permanent": false + "permanent": true }, { "source": "/docs/next/:path*", "destination": "/docs/:path", - "permanent": false + "permanent": true }, { "source": "/docs/:path*", @@ -35,1382 +35,1387 @@ { "source": "/keto/docs/(|v0.5/)engines", "destination": "https://github.com/ory/keto/blob/v0.7.0-alpha.1/docs/versioned_docs/version-v0.5/engines/index.md", - "permanent": false + "permanent": true }, { - "source": "/keto/docs/(|v0.5/):engine", + "source": "/keto/docs/v0.5/:engine", "destination": "https://github.com/ory/keto/blob/v0.7.0-alpha.1/docs/versioned_docs/version-v0.5/engines/:engine.md", - "permanent": false + "permanent": true + }, + { + "source": "/keto/docs/:engine", + "destination": "https://github.com/ory/keto/blob/v0.7.0-alpha.1/docs/versioned_docs/version-v0.5/engines/:engine.md", + "permanent": true }, { "source": "/keto/docs/(|v0.5/)configure-deploy", "destination": "https://github.com/ory/keto/blob/v0.7.0-alpha.1/docs/versioned_docs/version-v0.5/configure-deploy.md", - "permanent": false + "permanent": true }, { "source": "/oathkeeper/docs", "destination": "https://www.ory.com/docs/oathkeeper", - "permanent": false + "permanent": true }, { "source": "/oathkeeper/docs/:path*", "destination": "https://www.ory.com/docs/oathkeeper/:path", - "permanent": false + "permanent": true }, { "source": "/docs/oathkeeper/:version(v[0-9.]+|next)/:path*", "destination": "https://www.ory.com/docs/oathkeeper/:path", - "permanent": false + "permanent": true }, { "source": "/docs/oathkeeper/:version(v[0-9.]+|v[0-9.]+/|next|next/)", "destination": "https://www.ory.com/docs/network/oathkeeper", - "permanent": false + "permanent": true }, { "source": "/hydra/docs", "destination": "/docs/hydra", - "permanent": false + "permanent": true }, { "source": "/hydra/docs/:path*", "destination": "/docs/hydra/:path", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/:version(v[0-9.]+|next)/:path*", "destination": "/docs/hydra/:path", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/:version(v[0-9.]+|v[0-9.]+/|next|next/)", "destination": "/docs/hydra", - "permanent": false + "permanent": true }, { "source": "/keto/docs", "destination": "https://www.ory.com/docs/network/keto", - "permanent": false + "permanent": true }, { "source": "/keto/docs/:path*", "destination": "https://www.ory.com/docs/keto/:path", - "permanent": false + "permanent": true }, { "source": "/docs/keto/:version(v[0-9.]+|next)/:path*", "destination": "https://www.ory.com/docs/keto/:path", - "permanent": false + "permanent": true }, { "source": "/docs/keto/:version(v[0-9.]+|v[0-9.]+/|next|next/)", "destination": "https://www.ory.com/docs/network/keto", - "permanent": false + "permanent": true }, { "source": "/kratos/docs", "destination": "https://www.ory.com/docs/kratos", - "permanent": false + "permanent": true }, { "source": "/kratos/docs/:path*", "destination": "https://www.ory.com/docs/kratos/:path", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/:version(v[0-9.]+|next)/:path*", "destination": "https://www.ory.com/docs/kratos/:path", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/:version(v[0-9.]+|v[0-9.]+/|next|next/)", "destination": "https://www.ory.com/docs/kratos", - "permanent": false + "permanent": true }, { "source": "/docs/start-building/create-project", "destination": "https://www.ory.com/docs/guides/console/create-project", - "permanent": false + "permanent": true }, { "source": "/docs/start-building", "destination": "https://www.ory.com/docs", - "permanent": false + "permanent": true }, { "source": "/docs/start-building/ory-cli-install-use", "destination": "https://www.ory.com/docs/guides/ory-cli-install-use", - "permanent": false + "permanent": true }, { "source": "/docs/start-building/server-side-web-app", "destination": "https://www.ory.com/docs/guides/protect-page-login/go", - "permanent": false + "permanent": true }, { "source": "/docs/http-api", "destination": "https://www.ory.com/docs/reference/api", - "permanent": false + "permanent": true }, { "source": "/docs/oathkeeper/http-api", "destination": "https://www.ory.com/docs/oathkeeper/reference/api", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/http-api", "destination": "https://www.ory.com/docs/hydra/reference/api", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/http-api", "destination": "https://www.ory.com/docs/kratos/reference/api", - "permanent": false + "permanent": true }, { "source": "/docs/guides/integrate-golang", "destination": "https://www.ory.com/docs/guides/protect-page-login/go", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/debugging", "destination": "https://www.ory.com/docs/hydra/debug", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/implementing-consent", "destination": "/docs/hydra/guides/consent", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/oauth2", "destination": "https://www.ory.com/docs/hydra/concepts/oauth2", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/integration", "destination": "https://www.ory.com/docs/hydra/guides/using-oauth2", - "permanent": false + "permanent": true }, { "source": "/docs/keto/http-api", "destination": "https://www.ory.com/docs/keto/reference/api", - "permanent": false + "permanent": true }, { "source": "/docs/keto/milestones", "destination": "https://github.com/ory/keto/milestones", - "permanent": false + "permanent": true }, { "source": "/docs/oathkeeper/milestones", "destination": "https://github.com/ory/oathkeeper/milestones", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/milestones", "destination": "https://github.com/ory/hydra/milestones", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/(CHANGELOG|changelog)", "destination": "https://github.com/ory/hydra/blob/master/CHANGELOG.md", - "permanent": false + "permanent": true }, { "source": "/docs/keto/(CHANGELOG|changelog)", "destination": "https://github.com/ory/keto/blob/master/CHANGELOG.md", - "permanent": false + "permanent": true }, { "source": "/docs/oathkeeper/(CHANGELOG|changelog)", "destination": "https://github.com/ory/oathkeeper/blob/master/CHANGELOG.md", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/(CHANGELOG|changelog)", "destination": "https://github.com/ory/kratos/blob/master/CHANGELOG.md", - "permanent": false + "permanent": true }, { "source": "/docs/versions", "destination": "https://www.ory.com/docs", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/versions", "destination": "https://www.ory.com/docs/hydra", - "permanent": false + "permanent": true }, { "source": "/docs/keto/versions", "destination": "https://www.ory.com/docs/network/keto", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/versions", "destination": "https://www.ory.com/docs/kratos", - "permanent": false + "permanent": true }, { "source": "/docs/oathkeeper/versions", "destination": "https://www.ory.com/docs/oathkeeper", - "permanent": false + "permanent": true }, { "source": "/docs/keto/reference/api", "destination": "https://www.ory.com/docs/keto/reference/rest-api", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/sdk/api", "destination": "/docs/kratos/reference/api", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/faq", "destination": "https://www.ory.com/docs/kratos", - "permanent": false + "permanent": true }, { "source": "/:path*/index", "destination": "/:path", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/identity-(data|user)-model", "destination": "/docs/kratos/concepts/identity-schema", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-service/flows/(user-settings|user-profile-management)/:path", "destination": "https://www.ory.com/docs/kratos/self-service/flows/user-settings", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-service/flows/user-login-(user-|)registration/:path", "destination": "https://www.ory.com/docs/kratos/self-service/flows/user-login", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-service/flows/(password-reset-|)account-recovery/:path", "destination": "https://www.ory.com/docs/kratos/self-service/flows/account-recovery", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-service/(flows|strategies)", "destination": "/docs/kratos/self-service", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-service/strategies/:path*", "destination": "/docs/kratos/self-service", - "permanent": false + "permanent": true }, { "source": "/docs/:project/search", "destination": "https://www.ory.com/docs", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/authenticators/look-up-secrets", "destination": "https://www.ory.com/docs/kratos/guides/two-factor-authentication-2fa-mfa", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/two-factor-authentication-2fa-mfa", "destination": "https://www.ory.com/docs/kratos/guides/two-factor-authentication-2fa-mfa", - "permanent": false + "permanent": true }, { "source": "/docs/start-building/server-side-web-app", "destination": "https://www.ory.com/docs/guides/protect-page-login/expressjs", - "permanent": false + "permanent": true }, { "source": "/docs/start-building/ssingle-page-app-spa", "destination": "https://www.ory.com/docs/guides/protect-page-login/next.js", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/kratos-video-tutorials", "destination": "https://www.ory.com/docs/kratos/further-reading/kratos-video-tutorials", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/selfservice-flow-completion", "destination": "https://www.ory.com/docs/kratos/concepts/browser-redirect-flow-completion", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/login-session", "destination": "https://www.ory.com/docs/kratos/session-management/overview", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/session", "destination": "https://www.ory.com/docs/guides/session-management/overview", - "permanent": false + "permanent": true }, { "source": "/docs/guides/config-with-cli", "destination": "https://www.ory.com/docs/guides/cli/config-with-cli", - "permanent": false + "permanent": true }, { "source": "/docs/guides/ory-cli-install-use", "destination": "https://www.ory.com/docs/guides/cli/installation", - "permanent": false + "permanent": true }, { "source": "/docs/(kratos|hydra|keto|oathkeeper)/contributing", "destination": "https://github.com/ory/(kratos|hydra|keto|oathkeeper)/blob/master/CONTRIBUTING.md", - "permanent": false + "permanent": true }, { "source": "/docs/guides/proxy", "destination": "https://www.ory.com/docs/guides/cli/proxy-and-tunnel", - "permanent": false + "permanent": true }, { "source": "/docs/keto/engines", "destination": "https://www.ory.com/docs/keto/guides/upgrade", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/admin/managing-users-identities", "destination": "https://www.ory.com/docs/guides/manage-identities/managing-users-identities", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/sign-in-with-github-google-facebook-linkedin", "destination": "https://www.ory.com/docs/guides/social-signin/overview", - "permanent": false + "permanent": true }, { "source": "/docs/cloud/developer", "destination": "https://www.ory.com/pricing", - "permanent": false + "permanent": true }, { "source": "/docs/cloud/cloud-roadmap", "destination": "https://www.ory.com/cloud", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/two-factor-authentication-2fa-mfa", "destination": "https://www.ory.com/docs/guides/mfa/overview", - "permanent": false + "permanent": true }, { "source": "/docs/guides/passwordless/social-sign-in", "destination": "https://www.ory.com/docs/guides/social-signin/overview", - "permanent": false + "permanent": true }, { "source": "/docs/concepts/self-service", "destination": "https://www.ory.com/docs/kratos/self-service", - "permanent": false + "permanent": true }, { "source": "/docs/concepts/identity", "destination": "https://www.ory.com/docs/guides/manage-identities/identity", - "permanent": false + "permanent": true }, { "source": "/docs/concepts/managed-ui", "destination": "https://www.ory.com/docs/welcome", - "permanent": false + "permanent": true }, { "source": "/docs/concepts/project-invite-membership", "destination": "https://www.ory.com/docs/welcome", - "permanent": false + "permanent": true }, { "source": "/docs/concepts/project", "destination": "https://www.ory.com/docs/welcome", - "permanent": false + "permanent": true }, { "source": "/docs/concepts/terminology", "destination": "https://www.ory.com/docs/welcome", - "permanent": false + "permanent": true }, { "source": "/docs/guides/console/create-project", "destination": "https://www.ory.com/docs/welcome", - "permanent": false + "permanent": true }, { "source": "/docs/guides/create-personal-access-token", "destination": "https://www.ory.com/docs/welcome", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/credentials/lookup-secrets", "destination": "https://www.ory.com/docs/guides/mfa/lookup-secrets", - "permanent": false + "permanent": true }, { "source": "/docs/guides/mfa/lookup_secrets", "destination": "https://www.ory.com/docs/guides/mfa/lookup-secrets", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/credentials/openid-connect-oidc-oauth2", "destination": "https://www.ory.com/docs/guides/social-signin/overview", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/credentials/totp", "destination": "https://www.ory.com/docs/guides/mfa/totp", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/credentials/webauthn", "destination": "https://www.ory.com/docs/guides/mfa/webauthn-fido-yubikey", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/federation", "destination": "/docs/kratos", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/management-ui", "destination": "https://www.ory.com/docs/welcome", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/rest-api", "destination": "https://www.ory.com/docs/ecosystem/api-design", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/securing-applications", "destination": "https://www.ory.com/docs/kratos", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/terminology", "destination": "https://www.ory.com/docs/concepts/terminology", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/further-reading/comparison", "destination": "https://www.ory.com/docs/kratos", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/further-reading/kratos-video-tutorials", "destination": "https://www.ory.com/docs/oel/kratos/quickstart", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/retrieve-social-sign-in-access-refresh-id-token", "destination": "https://www.ory.com/docs/guides/social-signin/get-tokens", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/setting-up-aes-cipher-parameters", "destination": "https://www.ory.com/docs/kratos/guides/select-cipher-algorithm", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/setting-up-noop-cipher-parameters", "destination": "https://www.ory.com/docs/kratos/guides/select-cipher-algorithm", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/setting-up-xchacha-cipher-parameters", "destination": "https://www.ory.com/docs/kratos/guides/select-cipher-algorithm", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-service/flows/2fa-mfa-multi-factor-authentication", "destination": "https://www.ory.com/docs/guides/mfa/overview", - "permanent": false + "permanent": true }, { "source": "/docs/start-building/deploy-auth-production", "destination": "https://www.ory.com/docs/guides/custom-domains", - "permanent": false + "permanent": true }, { "source": "/docs/start-building/other-languages", "destination": "https://www.ory.com/docs/examples", - "permanent": false + "permanent": true }, { "source": "/docs/start-building/single-page-app-spa", "destination": "https://www.ory.com/login-spa-react-nextjs-authentication-example-api-open-source", - "permanent": false + "permanent": true }, { "source": "/docs/guides/protect-page-login/index", "destination": "https://www.ory.com/docs/examples", - "permanent": false + "permanent": true }, { "source": "/docs/concepts/services-api", "destination": "https://www.ory.com/docs/welcome", - "permanent": false + "permanent": true }, { "source": "/docs/keto/implemented-planned-features", "destination": "https://www.ory.com/docs/guides/cli/configure-permission-service", - "permanent": false + "permanent": true }, { "source": "/docs/guides/protect-page-login", "destination": "https://www.ory.com/docs/examples", - "permanent": false + "permanent": true }, { "source": "/docs/concepts/session", "destination": "https://www.ory.com/docs/guides/session-management/overview", - "permanent": false + "permanent": true }, { "source": "/docs/guides/protect-page-login/expressjs", "destination": "https://www.ory.com/docs/getting-started/integrate-auth/expressjs", - "permanent": false + "permanent": true }, { "source": "/docs/guides/protect-page-login/flutter-web-redirect", "destination": "https://www.ory.com/docs/getting-started/integrate-auth/flutter-web-redirect", - "permanent": false + "permanent": true }, { "source": "/docs/guides/protect-page-login/go", "destination": "https://www.ory.com/docs/getting-started/integrate-auth/go", - "permanent": false + "permanent": true }, { "source": "/docs/guides/protect-page-login/next.js", "destination": "https://www.ory.com/docs/getting-started/integrate-auth/nextjs", - "permanent": false + "permanent": true }, { "source": "/docs/guides/protect-page-login/php", "destination": "https://www.ory.com/docs/getting-started/integrate-auth/php", - "permanent": false + "permanent": true }, { "source": "/docs/guides/protect-page-login/react", "destination": "https://www.ory.com/docs/getting-started/integrate-auth/react", - "permanent": false + "permanent": true }, { "source": "/docs/guides/protect-page-login/vue", "destination": "https://www.ory.com/docs/getting-started/integrate-auth/vue", - "permanent": false + "permanent": true }, { "source": "/docs/guides/local-development", "destination": "https://www.ory.com/docs/getting-started/local-development", - "permanent": false + "permanent": true }, { "source": "/docs/concepts/emails", "destination": "https://www.ory.com/docs/guides/emails", - "permanent": false + "permanent": true }, { "source": "/docs/start-building/native-mobile-app", "destination": "https://www.ory.com/docs/getting-started/integrate-auth/react-native", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/identity-schema", "destination": "https://www.ory.com/docs/guides/manage-identities/overview", - "permanent": false + "permanent": true }, { "source": "/docs/guides/manage-identities/managing-users-identities", "destination": "https://www.ory.com/docs/guides/manage-identities/create-users-identities", - "permanent": false + "permanent": true }, { "source": "/docs/guides/manage-identities/identity", "destination": "https://www.ory.com/docs/guides/manage-identities/identity-schema", - "permanent": false + "permanent": true }, { "source": "/docs/guides/manage-identities/import-identity", "destination": "https://www.ory.com/docs/guides/manage-identities/import-user-accounts-identities", - "permanent": false + "permanent": true }, { "source": "/docs/guides/customize-identity-schema", "destination": "https://www.ory.com/docs/guides/manage-identities/customize-identity-schema", - "permanent": false + "permanent": true }, { "source": "/docs/cli/ory-identities", "destination": "https://www.ory.com/docs/cli/ory-list-identities", - "permanent": false + "permanent": true }, { "source": "/docs/cli/ory-identities-get", "destination": "https://www.ory.com/docs/cli/ory-get-identity", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/token-expiration", "destination": "https://www.ory.com/docs/hydra/guides/client-token-expiration", - "permanent": false + "permanent": true }, { "source": "/docs/guides/passwordless/:path*", "destination": "https://www.ory.com/docs/kratos/passwordless/:path", - "permanent": false + "permanent": true }, { "source": "/docs/guides/session-management/:path*", "destination": "https://www.ory.com/docs/kratos/session-management/:path", - "permanent": false + "permanent": true }, { "source": "/docs/guides/manage-identities/:path*", "destination": "https://www.ory.com/docs/kratos/manage-identities/:path", - "permanent": false + "permanent": true }, { "source": "/docs/guides/social-signin/:path*", "destination": "https://www.ory.com/docs/kratos/social-signin/:path", - "permanent": false + "permanent": true }, { "source": "/docs/guides/mfa/:path*", "destination": "https://www.ory.com/docs/kratos/mfa/:path", - "permanent": false + "permanent": true }, { "source": "/docs/guides/emails", "destination": "https://www.ory.com/docs/kratos/emails-sms/sending-emails-smtp", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/email-sms", "destination": "https://www.ory.com/docs/kratos/emails-sms/custom-email-templates", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/index", "destination": "https://www.ory.com/docs/kratos/ory-kratos-intro", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/index", "destination": "https://www.ory.com/docs/kratos/ory-kratos-intro", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/milestones", "destination": "https://www.ory.com/docs/oss/changelog", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/account-activation-email-verification", "destination": "https://www.ory.com/docs/kratos/self-hosted/account-activation-email-verification", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/account-recovery-password-reset", "destination": "https://www.ory.com/docs/kratos/self-service/flows/account-recovery-password-reset", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-service/hooks", "destination": "https://www.ory.com/docs/kratos/hooks/configure-hooks", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/integration-with-other-systems-using-web-hooks", "destination": "https://www.ory.com/docs/kratos/hooks/webhooks-integrations", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/sdk/01_overview.md", "destination": "/docs/kratos/sdk/overview", - "permanent": false + "permanent": true }, { "source": "/docs/guides/configure-ory-to-use-your-ui", "destination": "https://www.ory.com/docs/kratos/bring-your-own-ui/custom-ui-overview", - "permanent": false + "permanent": true }, { "source": "/docs/kratos", "destination": "https://www.ory.com/docs/kratos/ory-kratos-intro", - "permanent": false + "permanent": true }, { "source": "/docs/technical-advisories/oidc-redirect-url-cname-OTA-092022-01", "destination": "https://www.ory.com/docs/troubleshooting/oidc-redirect-url-cname-OTA-092022-01", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/configure-deploy", "destination": "https://www.ory.com/docs/hydra/self-hosted/configure-deploy", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/dependencies-environment", "destination": "https://www.ory.com/docs/hydra/self-hosted/dependencies-environment", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/deploy-hydra-example", "destination": "https://www.ory.com/docs/hydra/self-hosted/deploy-hydra-example", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/gitlab", "destination": "https://www.ory.com/docs/hydra/self-hosted/gitlab", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/install", "destination": "https://www.ory.com/docs/hydra/self-hosted/install", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/kubernetes-helm-chart", "destination": "https://www.ory.com/docs/hydra/self-hosted/kubernetes-helm-chart", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/merge-multiple-db-secrets", "destination": "https://www.ory.com/docs/hydra/self-hosted/merge-multiple-db-secrets", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/migrating-from-mitreid", "destination": "https://www.ory.com/docs/hydra/self-hosted/migrating-from-mitreid", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/production", "destination": "https://www.ory.com/docs/hydra/self-hosted/production", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/scaling-hydra", "destination": "https://www.ory.com/docs/hydra/self-hosted/scaling-hydra", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/secrets-key-rotation", "destination": "https://www.ory.com/docs/hydra/self-hosted/secrets-key-rotation", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/upgrade", "destination": "https://www.ory.com/docs/hydra/self-hosted/upgrade", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/hsm-support", "destination": "https://www.ory.com/docs/hydra/self-hosted/hsm-support", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/advanced", "destination": "https://www.ory.com/docs/hydra/guides/openid", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/oauth2-grant-type-jwt-bearer", "destination": "https://www.ory.com/docs/hydra/guides/jwt", - "permanent": false + "permanent": true }, { "source": "/docs/getting-started/custom-ui-preact-ory-elements", "destination": "https://www.ory.com/docs/getting-started/custom-ui-ory-elements", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-service/flows/account-recovery", "destination": "https://www.ory.com/docs/kratos/self-service/flows/account-recovery-password-reset", - "permanent": false + "permanent": true }, { "source": "/docs/concepts/social-sign-in", "destination": "https://www.ory.com/docs/kratos/social-signin/overview", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/sdk/index", "destination": "https://www.ory.com/docs/hydra/sdk/overview", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/sdk", "destination": "https://www.ory.com/docs/hydra/sdk/overview", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/sdk/index", "destination": "/docs/kratos/sdk/overview", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/sdk", "destination": "/docs/kratos/sdk/overview", - "permanent": false + "permanent": true }, { "source": "/docs/keto/sdk/index", "destination": "https://www.ory.com/docs/keto/sdk/overview", - "permanent": false + "permanent": true }, { "source": "/docs/keto/sdk", "destination": "https://www.ory.com/docs/keto/sdk/overview", - "permanent": false + "permanent": true }, { "source": "/docs/getting-started/ory-cloud-oauth2", "destination": "https://www.ory.com/docs/network/hydra/ory-network-oauth2", - "permanent": false + "permanent": true }, { "source": "/docs/examples", "destination": "https://www.ory.com/docs/getting-started/overview", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/password-policy", "destination": "https://www.ory.com/docs/concepts/password-policy", - "permanent": false + "permanent": true }, { "source": "/docs/self-service/flows/account-recovery", "destination": "https://www.ory.com/docs/kratos/self-service/flows/account-recovery-password-reset", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/emails-sms/sms-messages", "destination": "https://www.ory.com/docs/kratos", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-hosted/sms-messages", "destination": "https://www.ory.com/docs/kratos", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/mfa/enforce-mfa", "destination": "https://www.ory.com/docs/kratos/mfa/step-up-authentication", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/mfa/requesting-2fa", "destination": "https://www.ory.com/docs/kratos/mfa/step-up-authentication", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts/docker", "destination": "https://www.ory.com/docs/kratos/guides/docker", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/hooks/webhooks-integrations", "destination": "https://www.ory.com/docs/guides/integrate-with-ory-cloud-through-webhooks", - "permanent": false + "permanent": true }, { "source": "/docs/keto/guides/userset-rewrites", "destination": "https://www.ory.com/docs/network/keto/overview", - "permanent": false + "permanent": true }, { "source": "/docs/keto/concepts/internal-algorithms", "destination": "https://www.ory.com/docs/network/keto/overview", - "permanent": false + "permanent": true }, { "source": "/docs/keto/concepts/snaptokens-evaluation-consistency", "destination": "https://www.ory.com/docs/network/keto/overview", - "permanent": false + "permanent": true }, { "source": "/docs/keto/guides/access-control-inheritance", "destination": "https://www.ory.com/docs/network/keto/overview", - "permanent": false + "permanent": true }, { "source": "/docs/keto/guides/access-control-list-design-best-practices", "destination": "https://www.ory.com/docs/network/keto/overview", - "permanent": false + "permanent": true }, { "source": "/docs/keto/performance", "destination": "https://www.ory.com/docs/network/keto/overview", - "permanent": false + "permanent": true }, { "source": "/docs/keto/secure", "destination": "https://www.ory.com/docs/network/keto/overview", - "permanent": false + "permanent": true }, { "source": "/docs/guides/bring-your-user-interface", "destination": "https://www.ory.com/docs/kratos/bring-your-own-ui/configure-ory-to-use-your-ui", - "permanent": false + "permanent": true }, { "source": "/docs/getting-started/custom-ui-ory-elements", "destination": "https://www.ory.com/docs/kratos/bring-your-own-ui/custom-ui-ory-elements", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/custom-ui", "destination": "https://www.ory.com/docs/kratos/bring-your-own-ui/overview", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/limitations", "destination": "/docs/oauth2-oidc/overview/oauth2-concepts", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/concepts/oauth2", "destination": "https://www.ory.com/docs/oauth2-oidc/overview/oauth2-concepts", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/oauth2-public-spa-mobile", "destination": "https://www.ory.com/docs/oauth2-oidc/authorization-code-flow", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/common-oauth2-openid-connect-flows", "destination": "https://www.ory.com/docs/oauth2-oidc/authorization-code-flow", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/concepts/openid-connect-oidc", "destination": "https://www.ory.com/docs/oauth2-oidc/overview/oidc-concepts", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/openid-connect-dynamic-client-registration", "destination": "/docs/hydra/guides/oauth2-clients", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/login", "destination": "/docs/oauth2-oidc/custom-login-consent/flow", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/consent", "destination": "/docs/oauth2-oidc/custom-login-consent/flow", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/concepts/login", "destination": "/docs/oauth2-oidc/custom-login-consent/flow", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/concepts/consent", "destination": "/docs/oauth2-oidc/custom-login-consent/flow", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/login-consent-flow", "destination": "/docs/oauth2-oidc/custom-login-consent/flow", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/concepts/logout", "destination": "/docs/oauth2-oidc/oidc-logout", - "permanent": false + "permanent": true }, { "source": "/docs/hydra", "destination": "/docs/network/hydra", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-hosted/examples", "destination": "https://www.ory.com/docs/oss/community", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/deployment", "destination": "https://www.ory.com/docs/oss/deployment", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/high-availability-ha", "destination": "https://www.ory.com/docs/self-hosted/operations/scalability", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/self-hosted/scaling-hydra", "destination": "https://www.ory.com/docs/self-hosted/operations/scalability", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/logging", "destination": "https://www.ory.com/docs/self-hosted/operations/logging", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/versioning", "destination": "https://www.ory.com/docs/oss/upgrading", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/roadmap", "destination": "https://www.ory.com/docs/oss/changelog", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/benchmark", "destination": "/docs/oauth2-oidc", - "permanent": false + "permanent": true }, { "source": "/docs/performance/hydra", "destination": "https://www.ory.com/docs/oauth2-oidc", - "permanent": false + "permanent": true }, { "source": "/docs/cli", "destination": "/docs/guides/cli/installation", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/self-hosted/tracing", "destination": "/docs/self-hosted/operations/tracing", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/hydra-index", "destination": "/docs/hydra", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/sdk/hydra-sdk-api", "destination": "/docs/hydra/reference/api", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/sdk/api", "destination": "/docs/hydra/reference/api", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/react-native-login-registration", "destination": "/docs/getting-started/integrate-auth/react-native", - "permanent": false + "permanent": true }, { "source": "/docs/keto/engines/rbac", "destination": "/docs/keto/guides/rbac", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/concepts", "destination": "/docs/kratos", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/security-questions-best-practice", "destination": "/docs/kratos/concepts/security", - "permanent": false + "permanent": true }, { "source": "/docs/1-hydra/2-overview/1-oauth2", "destination": "/docs/oauth2-oidc/custom-login-consent/flow", - "permanent": false + "permanent": true }, { "source": "/docs/guides/latest/9-telemetry", "destination": "/docs/kratos/guides/tracing", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/ory-kratos-intro", "destination": "/docs/identities", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/social-signin/twitter", "destination": "/docs/kratos/social-signin/x-twitter", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/passwordless/webauthn", "destination": "/docs/kratos/passwordless/passkeys", - "permanent": false + "permanent": true }, { "source": "/docs/identities/sign-in/saml", "destination": "/docs/kratos/organizations", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/5min-tutorial", "destination": "/docs/oel/hydra/quickstart", - "permanent": false + "permanent": true }, { "source": "/docs/quickstart/sdks", "destination": "/docs/sdk", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-clients-create", "destination": "/docs/hydra/cli/hydra-create-client", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/advanced/caching", "destination": "/docs/hydra/jwks", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/advanced/refresh-tokens", "destination": "/docs/oauth2-oidc/refresh-token-grant", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/advanced/tls", "destination": "/docs/hydra/self-hosted/ssl-https-tls", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/appendix", "destination": "/docs/oauth2-oidc", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli", "destination": "/docs/hydra/cli/hydra", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/concepts/jwk", "destination": "/docs/hydra/jwks", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/debug/config", "destination": "/docs/hydra/reference/configuration", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/debug/csrf", "destination": "/docs/self-hosted/hydra/debug/csrf", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides", "destination": "/docs/oauth2-oidc", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/claims-at-refresh</source", "destination": "/docs/hydra/guides/claims-at-refresh", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/device-authorization-grant", "destination": "/docs/oauth2-oidc/device-authorization", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/login-consent", "destination": "/docs/oauth2-oidc/custom-login-consent/flow", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/login-consent-flow", "destination": "/docs/oauth2-oidc/custom-login-consent/flow", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/oauth2", "destination": "/docs/oauth2-oidc/overview/oauth2-concepts", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/oauth2-client-authentication", "destination": "/docs/hydra/concepts/before-oauth2", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/ssl-https-tls", "destination": "/docs/hydra/self-hosted/ssl-https-tls", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/token-introspection", "destination": "/docs/hydra/guides/oauth2-token-introspection", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/token-revocation", "destination": "/docs/oauth2-oidc/revoke-consent", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/guides/tracing", "destination": "/docs/self-hosted/operations/tracing", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/hydra-configure-deploy", "destination": "/docs/hydra/self-hosted/configure-deploy", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/overview", "destination": "/docs/oauth2-oidc", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/quickstart", "destination": "/docs/network/hydra/ory-network-oauth2", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/recipes/mcp", "destination": "/docs/ecosystem/mcp", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/recipes/oauth2", "destination": "/docs/oauth2-oidc", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/reference/api</source", "destination": "/docs/hydra/reference/api", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/security", "destination": "/docs/hydra/security-architecture", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-clients-delete", "destination": "/docs/hydra/cli/hydra-delete-oauth2-client", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-clients-get", "destination": "/docs/hydra/cli/hydra-get-oauth2-client", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-keys", "destination": "/docs/hydra/cli/hydra-get-jwk", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-keys-create", "destination": "/docs/hydra/cli/hydra-create-jwk", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-keys-delete", "destination": "/docs/hydra/cli/hydra-delete-jwk", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-keys-get", "destination": "/docs/hydra/cli/hydra-get-jwk", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-keys-import", "destination": "/docs/hydra/cli/hydra-import-jwk", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-token", "destination": "/docs/hydra/cli/hydra-perform", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-token-client", "destination": "/docs/hydra/cli/hydra-perform-client-credentials", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-token-delete", "destination": "/docs/hydra/cli/hydra-delete-access-tokens", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-token-flush", "destination": "/docs/hydra/cli/hydra-janitor", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-token-introspect", "destination": "/docs/hydra/cli/hydra-introspect-token", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-token-revoke", "destination": "/docs/hydra/cli/hydra-revoke-token", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/cli/hydra-token-user", "destination": "/docs/hydra/cli/hydra-perform-authorization-code", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/bring-your-own-ui/01_overview.mdx", "destination": "/docs/kratos/bring-your-own-ui/custom-ui-basic-integration", - "permanent": false + "permanent": true }, { "source": "/docs/guides/master/oathkeeper/1-overview/1-rules", "destination": "/docs/oathkeeper/api-access-rules", - "permanent": false + "permanent": true }, { "source": "/docs/troubleshooting/oidc-redirect-url-cname-OTA-092022-01", "destination": "/docs/troubleshooting/troubleshooting-social-sign-in", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/benchmark", "destination": "/docs/oauth2-oidc", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/case-study", "destination": "/docs/oauth2-oidc", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/faq", "destination": "/docs/oauth2-oidc", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/self-hosted/account-activation-email-verification", "destination": "/docs/kratos/self-service/flows/verify-email-account-activation", - "permanent": false + "permanent": true }, { "source": "/docs/self-hosted/oel/kratos/upgrade-kratos", "destination": "/docs/self-hosted/oel/kratos/upgrade", - "permanent": false + "permanent": true }, { "source": "/docs/getting-started/integrate-auth/nextjs", @@ -1425,222 +1430,222 @@ { "source": "/docs/migrate-to-ory", "destination": "/docs/migrate-to-ory/migrate", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/projects", "destination": "/docs/oss/getting-started", - "permanent": false + "permanent": true }, { "source": "/docs/open-source", "destination": "/docs/oss/open-source", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/community", "destination": "/docs/oss/community", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/contributing", "destination": "/docs/oss/contributing", - "permanent": false + "permanent": true }, { "source": "/docs/open-source/commitment", "destination": "/docs/oss/commitment", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/software-architecture-philosophy", "destination": "/docs/oss/software-architecture-philosophy", - "permanent": false + "permanent": true }, { "source": "/docs/open-source/guidelines/rest-api-guidelines", "destination": "/docs/oss/guidelines/rest-api-guidelines", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/upgrading", "destination": "/docs/oss/upgrading", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/sqa", "destination": "/docs/oss/telemetry", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/changelog", "destination": "/docs/oss/changelog", - "permanent": false + "permanent": true }, { "source": "/docs/self-hosted/deployment", "destination": "/docs/oss/deployment", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/configuring", "destination": "/docs/oss/configuring", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/passwordless/06_code", "destination": "/docs/kratos/passwordless/07_code", - "permanent": false + "permanent": true }, { "source": "/docs/ecosystem/security", "destination": "/docs/security-compliance/security", - "permanent": false + "permanent": true }, { "source": "/docs/getting-started/overview", "destination": "/docs/welcome", - "permanent": false + "permanent": true }, { "source": "/docs/intro", "destination": "/docs/network/getting-started", - "permanent": false + "permanent": true }, { "source": "/docs/identities", "destination": "/docs/network/kratos/intro", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/quickstart", "destination": "/docs/oel/kratos/quickstart", - "permanent": false + "permanent": true }, { "source": "/docs/oauth2-oidc", "destination": "/docs/network/hydra", - "permanent": false + "permanent": true }, { "source": "/docs/getting-started/ory-network-oauth2", "destination": "/docs/network/hydra/ory-network-oauth2", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/self-hosted/quickstart", "destination": "/docs/oel/hydra/quickstart", - "permanent": false + "permanent": true }, { "source": "/docs/hydra/reference/configuration", "destination": "/docs/self-hosted/oel/oauth2/configuration", - "permanent": false + "permanent": true }, { "source": "/docs/keto", "destination": "/docs/network/keto", - "permanent": false + "permanent": true }, { "source": "/docs/guides/permissions/overview", "destination": "/docs/network/keto/overview", - "permanent": false + "permanent": true }, { "source": "/docs/keto/quickstart", "destination": "/docs/network/keto/quickstart", - "permanent": false + "permanent": true }, { "source": "/docs/keto/examples/olymp-file-sharing", "destination": "/docs/network/keto/file-sharing-example", - "permanent": false + "permanent": true }, { "source": "/docs/keto/reference/configuration", "destination": "/docs/self-hosted/oel/keto/configuration", - "permanent": false + "permanent": true }, { "source": "/docs/polis", "destination": "/docs/network/polis", - "permanent": false + "permanent": true }, { "source": "/docs/polis/quickstart", "destination": "/docs/oel/polis/quickstart", - "permanent": false + "permanent": true }, { "source": "/docs/polis/directory-sync/guides", "destination": "/docs/category/guides-3", - "permanent": false + "permanent": true }, { "source": "/docs/oathkeeper/guides/upgrade", "destination": "/docs/self-hosted/oel/oathkeeper/upgrade-oathkeeper", - "permanent": false + "permanent": true }, { "source": "/docs/oathkeeper/configure-deploy", "destination": "/docs/oel/oathkeeper/configure-deploy", - "permanent": false + "permanent": true }, { "source": "/docs/oathkeeper/reference/configuration", "destination": "/docs/self-hosted/oel/oathkeeper/configuration", - "permanent": false + "permanent": true }, { "source": "/docs/self-hosted/oel", "destination": "/docs/oel/getting-started", - "permanent": false + "permanent": true }, { "source": "/docs/category/operations-reference", "destination": "/docs/self-hosted/operations/scalability", - "permanent": false + "permanent": true }, { "source": "/docs/category/troubleshooting", "destination": "/docs/category/troubleshooting-reference", - "permanent": false + "permanent": true }, { "source": "/docs/security-compliance/compliance-and-certifications", "destination": "/docs/category/security-compliance", - "permanent": false + "permanent": true }, { "source": "/docs/identities/get-started", "destination": "/docs/identities/get-started/setup", - "permanent": false + "permanent": true }, { "source": "/docs/kratos/guides/e2e-integration-tests", "destination": "/docs/oss/guidelines/e2e-integration-tests", - "permanent": false + "permanent": true }, { "source": "/docs/oathkeeper", "destination": "/docs/network/oathkeeper", - "permanent": false + "permanent": true }, { "source": "/docs/solutions/solution_CIAM", "destination": "/docs/solutions/solution-CIAM", - "permanent": false + "permanent": true }, { "source": "/docs/solutions/solution_B2B", "destination": "/docs/solutions/solution-B2B", - "permanent": false + "permanent": true }, { "source": "/docs/solutions/solution_agentic", "destination": "/docs/solutions/solution-agentic", - "permanent": false + "permanent": true }, { "source": "/talos/quickstart", From 4eae00f9ba352c0d90508afbe8062c2222f601b9 Mon Sep 17 00:00:00 2001 From: Wassim Bougarfa <12980387+wassimoo@users.noreply.github.com> Date: Tue, 23 Jun 2026 18:59:06 +0200 Subject: [PATCH 7/8] fix: update installation guides and sidebar paths (#2613) * fix: update installation guides and sidebar paths for kratos * fix: move kratos oss setup instruction path * fix: update installation paths to shared component for consistency * fix: reorganize keto installation docs * fix: formatting * fix: update installation and upgrade guides across deployment models * fix: format * fix: revert to master * fix: update installation link format in quickstart guide * fix: remove outdated redirect for keto quickstart guide --- AGENTS.md | 2 + docs/_common/install.mdx | 82 --------- docs/hydra/self-hosted/install.mdx | 2 +- docs/identities/get-started/setup.mdx | 32 +++- docs/keto/guides/upgrade.mdx | 34 ---- docs/keto/install.mdx | 16 -- docs/keto/quickstart.mdx | 174 ------------------ docs/kratos/guides/upgrade.mdx | 37 ---- docs/kratos/install.mdx | 16 -- docs/oathkeeper/install.mdx | 2 +- docs/oel/keto/guides/upgrade.mdx | 14 ++ docs/oel/keto/install.mdx | 14 ++ docs/oel/kratos/guides/upgrade.mdx | 14 ++ docs/oel/kratos/install.mdx | 14 ++ docs/oss/keto/guides/upgrade.mdx | 14 ++ docs/oss/keto/install.mdx | 20 ++ docs/oss/kratos/guides/upgrade.mdx | 14 ++ docs/oss/kratos/install.mdx | 20 ++ docs/oss/upgrading.mdx | 2 +- sidebars-oel.ts | 8 +- sidebars-oss.ts | 15 +- src/components/Shared/install-oel.mdx | 55 ++++++ src/components/Shared/install-oss.mdx | 75 ++++++++ src/components/Shared/keto/guides/upgrade.mdx | 39 ++++ src/components/Shared/keto/quickstart.mdx | 2 +- .../Shared/kratos/guides/upgrade.mdx | 46 +++++ vercel.json | 30 ++- 27 files changed, 403 insertions(+), 390 deletions(-) delete mode 100644 docs/_common/install.mdx delete mode 100644 docs/keto/guides/upgrade.mdx delete mode 100644 docs/keto/install.mdx delete mode 100644 docs/keto/quickstart.mdx delete mode 100644 docs/kratos/guides/upgrade.mdx delete mode 100644 docs/kratos/install.mdx create mode 100644 docs/oel/keto/guides/upgrade.mdx create mode 100644 docs/oel/keto/install.mdx create mode 100644 docs/oel/kratos/guides/upgrade.mdx create mode 100644 docs/oel/kratos/install.mdx create mode 100644 docs/oss/keto/guides/upgrade.mdx create mode 100644 docs/oss/keto/install.mdx create mode 100644 docs/oss/kratos/guides/upgrade.mdx create mode 100644 docs/oss/kratos/install.mdx create mode 100644 src/components/Shared/install-oel.mdx create mode 100644 src/components/Shared/install-oss.mdx create mode 100644 src/components/Shared/keto/guides/upgrade.mdx create mode 100644 src/components/Shared/kratos/guides/upgrade.mdx diff --git a/AGENTS.md b/AGENTS.md index ccd4e0ac7..dc615efa5 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -186,6 +186,8 @@ import MyPartial from "@site/src/components/Shared/kratos/index.mdx" - Can’t find a page → check `docs/network`, `docs/oel`, `docs/oss` - Duplicate content → always set canonical URLs - Adding a page → update the correct sidebar +- Deleting a page → never delete without adding a Vercel redirect from the old + URL to a relevant replacement ## When in Doubt diff --git a/docs/_common/install.mdx b/docs/_common/install.mdx deleted file mode 100644 index 3b49621fb..000000000 --- a/docs/_common/install.mdx +++ /dev/null @@ -1,82 +0,0 @@ -Ory software runs on any operating system (FreeBSD, macOS, Linux, Windows, ...) and supports all major CPU platforms (ARM64, -ARMv7, x86_64, x86, ...). - -Ory provides pre-built binaries, Docker Images and support various package managers: - -```mdx-code-block -import TOCInline from '@theme/TOCInline' - - -``` - -## Linux - -```mdx-code-block -import Linux from '@site/src/components/Install/Linux' - - -``` - -## macOS - -```mdx-code-block -import MacOS from '@site/src/components/Install/MacOS' - - -``` - -## Windows - -```mdx-code-block -import Windows from '@site/src/components/Install/Windows' - - -``` - -## Docker - -```mdx-code-block -import Docker from '@site/src/components/Install/Docker' - - -``` - -## Kubernetes - -A list of available Helm Charts for Kubernetes can be found at [k8s.ory.com/helm](https://k8s.ory.com/helm/). - -## Download Binaries - -

- You can download the client and server binaries on our{" "} - Github releases page. No installer is available. You have to add - the binary to the PATH in your environment yourself, for example by putting it into - /usr/local/bin or something comparable. -

- -Once installed, you should be able to run: - -```mdx-code-block -import CodeBlock from '@theme/CodeBlock' - -{`${props.repo} help`} -``` - -## Building from source - -If you wish to compile the binary yourself, you need to install and set up [Go 1.17+](https://golang.org/) and add `$GOPATH/bin` -to your `$PATH`. - -:::danger - -Please note that this will check out the latest commit, which might be not yet released and unstable. - -::: - -```mdx-code-block -{`git clone https://github.com/ory/${props.repo}.git -cd ${props.repo} -go mod download -go install -tags sqlite,json1,hsm . -$(go env GOPATH)/bin/${props.repo} help`} -``` diff --git a/docs/hydra/self-hosted/install.mdx b/docs/hydra/self-hosted/install.mdx index 9f73fce35..ae3397dd7 100644 --- a/docs/hydra/self-hosted/install.mdx +++ b/docs/hydra/self-hosted/install.mdx @@ -10,7 +10,7 @@ import Secure from '../../_common/secure.mdx' ``` ```mdx-code-block -import Install from '../../_common/install.mdx' +import Install from '@site/src/components/Shared/install-oel.mdx' ``` diff --git a/docs/identities/get-started/setup.mdx b/docs/identities/get-started/setup.mdx index 357b8a503..0591671e9 100644 --- a/docs/identities/get-started/setup.mdx +++ b/docs/identities/get-started/setup.mdx @@ -9,6 +9,9 @@ import Tabs from "@theme/Tabs" import TabItem from "@theme/TabItem" import CodeBlock from '@theme/CodeBlock' import { FrameworkCodeTabs } from '@site/src/components/GuidesComponents' +import Linux from '@site/src/components/Install/Linux' +import MacOS from '@site/src/components/Install/MacOS' +import Windows from '@site/src/components/Install/Windows' import nextDevSetup from '!!raw-loader!./_common/code-examples/nextjs/ory.ts' import goSetup from '!!raw-loader!./_common/code-examples/go/ory_client.go' import jsDevSetup from '!!raw-loader!./_common/code-examples/js/setupDev.js' @@ -69,16 +72,13 @@ For local development, you'll need to use Ory Tunnel to connect your local appli values={[ {label: 'macOS', value: 'macos'}, {label: 'Linux', value: 'linux'}, + {label: 'Windows', value: 'windows'}, ]}> ``` -```shell -# Install Ory CLI using Homebrew -brew install ory/tap/cli - -# Verify installation -ory help +```mdx-code-block + ``` ```mdx-code-block @@ -86,6 +86,19 @@ ory help ``` +```mdx-code-block + +``` + +```mdx-code-block + + +``` + +```mdx-code-block + +``` + ```mdx-code-block @@ -94,10 +107,13 @@ ory help After installing the CLI, start the tunnel to connect your local application with Ory's APIs: ```shell -# Start the tunnel (replace with your project id) -ory tunnel --project $PROJECT_ID http://localhost:3000 +ory tunnel --project $ORY_PROJECT_ID --port 4000 http://localhost:3000 ``` +This proxies Ory's APIs on `http://localhost:4000` and forwards all other traffic to your application at `http://localhost:3000`. +Running the tunnel is required for local development because Ory's session cookies must be set on the same domain as your +application. + :::tip To learn more about the Ory Tunnel, read the [dedicated section of the Ory CLI documentation](../../guides/cli/proxy-and-tunnel). diff --git a/docs/keto/guides/upgrade.mdx b/docs/keto/guides/upgrade.mdx deleted file mode 100644 index 42cc857d8..000000000 --- a/docs/keto/guides/upgrade.mdx +++ /dev/null @@ -1,34 +0,0 @@ ---- -id: upgrade -title: Apply upgrades ---- - -Follow this guide when upgrading Ory Keto to a newer version. - -:::danger - -Back up your data! Applying upgrades can lead to data loss if handled incorrectly. - -::: - -1. Review breaking changes. Visit the [CHANGELOG.md](https://github.com/ory/keto/blob/master/CHANGELOG.md) to see if breaking - changes have been introduced in the version you are upgrading to. -1. Backup your data. -1. Update the [Ory Keto SDK](../sdk/01_overview.md) if used in your application. -1. [Install](../install.mdx) the new version of Ory Keto. -1. Run [`keto migrate`](../cli/keto-migrate.md) to run the SQL migrations to the new database schema. - -Should you run into problems with the upgrade, consider a stepped upgrade and please visit the community -[chat](https://slack.ory.com/) or start a [discussion](https://github.com/ory/keto/discussions). - -## Migrating to Keto 0.7 - -Ory Keto v0.6 used the table-separated namespaces database schema described in the Google Zanzibar paper. However, we found for -various reasons outlined in that this isn't ideal for Keto. Visit [migrating to Keto v0.7](./v0.7-migration) guide for more -information - -## Migrating Keto policies from 0.5 version - -In [Ory Keto 0.6](https://github.com/ory/keto/blob/v0.6.0-alpha.1/CHANGELOG.md#060-alpha1pre0-2021-04-01) Ory Access Control -Policy DSL modeled after AWS IAM Policies became obsolete. Visit [migrating legacy policies](./migrating-legacy-policies) guide -for more information. diff --git a/docs/keto/install.mdx b/docs/keto/install.mdx deleted file mode 100644 index 4341925d6..000000000 --- a/docs/keto/install.mdx +++ /dev/null @@ -1,16 +0,0 @@ ---- -id: install -title: Installation ---- - -```mdx-code-block -import Secure from '../_common/secure.mdx' - - -``` - -```mdx-code-block -import Install from '../_common/install.mdx' - - -``` diff --git a/docs/keto/quickstart.mdx b/docs/keto/quickstart.mdx deleted file mode 100644 index bf5d69fba..000000000 --- a/docs/keto/quickstart.mdx +++ /dev/null @@ -1,174 +0,0 @@ ---- -title: "Quickstart: Cat Videos Example" ---- - -```mdx-code-block -import Help from '@site/docs/_common/need-selfhosted-support.mdx' - - -``` - -This example describes a video sharing service. The individual videos are organized in directories. Every directory has an owner -and every video has the same owner as it's parent directory. The owner has elevated privileges about the video files that aren't -modeled individually in Ory Keto. The only other privilege modeled in this example is "view access." Every owner has view access -to their objects, and this privilege can be granted to other users as well. The video sharing application interprets the special -`*` user ID as any user, including anonymous users. Note that Ory Keto doesn't interpret this subject any differently from other -subjects. It also doesn't know anything about directory structures or induced ownership. - -The "Keto client" is the application interacting with Keto. In this case we refer to the video sharing service backend as the Keto -client. - -## Starting the example - -First, [install Keto](./install.mdx). - -Now you can start the example using either `docker-compose` or a bash script. The bash script requires you to have the `keto` -binary in your `$PATH`. - -Alternatively, use Docker to automatically get the required images. - -```shell -# clone the repository if you don't have it yet -git clone git@github.com:ory/keto.git && cd keto - -# Alternatively, you can use 'https' to clone if ssh cloning gives permission denied error. (Configure ssh keys in github to resolve the issue.) -git clone https://github.com/ory/keto.git && cd keto - -docker-compose -f contrib/cat-videos-example/docker-compose.yml up -# or -./contrib/cat-videos-example/up.sh - -# output: all initially created relationships - -# NAMESPACE OBJECT RELATION NAME SUBJECT -# Video /cats/1.mp4 owner Video:/cats#owner -# Video /cats/1.mp4 view Video:/cats/1.mp4#owner -# Video /cats/1.mp4 view User:* -# Video /cats/2.mp4 owner Video:/cats#owner -# Video /cats/2.mp4 view Video:/cats/2.mp4#owner -# Video /cats owner User:Alice -# Video /cats view Video:/cats#owner -``` - -## State of the system - -At the current state only `User:Alice` has added videos. Both videos are in the `/cats` directory owned by `User:Alice`. The file -`File:/cats/1.mp4` can be viewed by anyone (`User:*`), while `Video:/cats/2.mp4` has no extra sharing options, and can therefore -only be viewed by its owner, `User:Alice`. The relationship definitions are located in the -`contrib/cat-videos-example/relation-tuples` directory. - -## Simulating the video sharing application - -Now you can open a second terminal to run the queries against, just like the video service client would do. In this example we -will use the Keto CLI client. - -If you want to run the Keto CLI within **Docker**, set the alias - -```shell -alias keto="docker run -it --network cat-videos-example_default -e KETO_READ_REMOTE=\"keto:4466\" oryd/keto:v25.4.0" -``` - -in your terminal session. Alternatively, you need to set the remote endpoint so that the Keto CLI knows where to connect to (not -necessary if using Docker): - -```shell -export KETO_READ_REMOTE="127.0.0.1:4466" -``` - -### Check incoming requests - -First off, we get a request by an anonymous user that would like to view `/cats/2.mp4`. The client now has to ask Keto if that -operation should be allowed or denied. - -```shell -# Is "*" allowed to "view" the object "videos":"/cats/2.mp4"? -keto check "User:*" view Video /cats/2.mp4 --insecure-disable-transport-security -# output: - -# Denied -``` - -We already discussed that this request should be denied, but it's always good to see this in action. - -Now `User:Alice` wants to change some view permissions of `Video:/cats/1.mp4`. For this, the video service application has to show -all users that are allowed to view the video. It uses Keto's [expand-API](./concepts/25_api-overview.mdx#expand-subject-sets) to -get these data: - -```shell -# Who is allowed to "view" the object "videos":"/cats/2.mp4"? -keto expand view Video /cats/1.mp4 --insecure-disable-transport-security -# output: -``` - -```keto-tuples -# or :#@Video:/cats/1.mp4#view -# ├──∋ :#@User:*️ -# └──or :#@Video:/cats/1.mp4#owner -# └──or :#@Video:/cats#owner -# └──∋ :#@User:Alice️ -``` - -Here we can see the full subject set expansion. The second branch - -```keto-tuples -Video:/cats/1.mp4#owner -``` - -indicates that every owner of the object is allowed to view the Object. - -In the next step we see that the object's owners are the owners of `Video:/cats` - -```keto-tuples -Video:/cats#owner -``` - -On the last line, we see that `User:Alice` is the owner of `Video:/cats`. - -Note that there is no direct relationship that would grant `Alice` view access on `/cats/1.mp4` as this is indirectly defined via -the ownership relation. - -The special user `User:*` on the other hand was directly granted view access on the object, as it's a first-level leaf of the -expansion tree. The following CLI command proves that this is the case: - -```shell -# Is "*" allowed to "view" the object "Video":"/cats/1.mp4"? -keto check "User:*" view Video /cats/1.mp4 --insecure-disable-transport-security -# output: - -# Allowed -``` - -```mdx-code-block -import Mermaid from "@site/src/theme/Mermaid" - - r2 - r1 ----- sub1(["User:Alice"]) - r1 -.-> r4 - obj1 ---- r4((owner)) - r3 --- all(["User:* (anyone)"]) - r4 -.-> r3 - obj1[Video:/cats/1.mp4] --- r3((view)) - obj2 --- r6((view)) - r1 -.-> r5 - obj2[Video:/cats/2.mp4] ---- r5((owner)) - r5 -.-> r6 - style sub1 fill:green,color:white - style all fill:green,color:white - style r1 fill:darkgreen,color:white - style r2 fill:darkgreen,color:white - style r3 fill:darkgreen,color:white - style r4 fill:darkgreen,color:white - style r5 fill:darkgreen,color:white - style r6 fill:darkgreen,color:white -`} -/> -``` - - - -Updating the view permissions will be added here at a later stage. diff --git a/docs/kratos/guides/upgrade.mdx b/docs/kratos/guides/upgrade.mdx deleted file mode 100644 index 5ca412d93..000000000 --- a/docs/kratos/guides/upgrade.mdx +++ /dev/null @@ -1,37 +0,0 @@ ---- -id: upgrade -title: Apply upgrades ---- - -Follow this guide when upgrading Ory Kratos to a newer version. - -:::danger - -Back up your data! Applying upgrades can lead to data loss if handled incorrectly. - -::: - -1. Review breaking changes. Visit the [CHANGELOG.md](https://github.com/ory/kratos/blob/master/CHANGELOG.md) to see if breaking - changes have been introduced in the version you are upgrading to. -1. Backup your data. -1. Update the [Ory Kratos SDK](../sdk/01_overview.md) if used in your application. -1. [Install](../install.mdx) the new version of Ory Kratos. -1. Run [`kratos migrate sql`](../cli/kratos-migrate-sql.md) to run the SQL migrations to the new database schema. -1. If you are upgrading to a version that introduces phone number normalization, run `kratos migrate normalize-phone-numbers` - after the new version is deployed and serving traffic. This rewrites existing phone identifiers to E.164 format. See the - [phone normalization guide](./normalize-phone-numbers.mdx) for the recommended rollout sequence. - -Should you run into problems with the upgrade, consider a stepped upgrade and please visit the community -[chat](https://slack.ory.com/) or start a [discussion](https://github.com/ory/kratos/discussions). - -#### v0.7 Changed cookie behavior - -In [Ory Kratos v0.7](https://github.com/ory/kratos/blob/v0.7.0-alpha.1/CHANGELOG.md#breaking-changes) the cookie behavior has -changed. Review -[changes in the exemplary self-service user interface](https://github.com/ory/kratos-selfservice-ui-node/commit/e7fa292968111e06401fcfc9b1dd0e8e285a4d87). -Visit the [Cookie Settings](https://www.ory.com/kratos/docs/guides/multi-domain-cookies/#cookies) document for more information. - -#### v0.10.0 Authenticator assurance level (AAL) in session - -Since [Ory Kratos v0.10.0](https://github.com/ory/kratos/blob/v0.10.0/CHANGELOG.md#breaking-changes), the AAL is part of the -session. When upgrading, sessions need to be reissued to observe a higher AAL due to multi-factor methods. diff --git a/docs/kratos/install.mdx b/docs/kratos/install.mdx deleted file mode 100644 index fa0bec39d..000000000 --- a/docs/kratos/install.mdx +++ /dev/null @@ -1,16 +0,0 @@ ---- -id: install -title: Installation ---- - -```mdx-code-block -import Secure from '../_common/secure.mdx' - - -``` - -```mdx-code-block -import Install from '../_common/install.mdx' - - -``` diff --git a/docs/oathkeeper/install.mdx b/docs/oathkeeper/install.mdx index 3fd5477d2..1d018c47e 100644 --- a/docs/oathkeeper/install.mdx +++ b/docs/oathkeeper/install.mdx @@ -4,7 +4,7 @@ title: Installation --- ```mdx-code-block -import Install from '../_common/install.mdx' +import Install from '@site/src/components/Shared/install-oss.mdx' ``` diff --git a/docs/oel/keto/guides/upgrade.mdx b/docs/oel/keto/guides/upgrade.mdx new file mode 100644 index 000000000..4d04a5591 --- /dev/null +++ b/docs/oel/keto/guides/upgrade.mdx @@ -0,0 +1,14 @@ +--- +id: upgrade +title: Apply upgrades +--- + + + + + +```mdx-code-block +import MyPartial from "@site/src/components/Shared/keto/guides/upgrade.mdx" + + +``` diff --git a/docs/oel/keto/install.mdx b/docs/oel/keto/install.mdx new file mode 100644 index 000000000..aeeadbc2b --- /dev/null +++ b/docs/oel/keto/install.mdx @@ -0,0 +1,14 @@ +--- +id: install +title: Installation +--- + + + + + +```mdx-code-block +import Install from '@site/src/components/Shared/install-oel.mdx' + + +``` diff --git a/docs/oel/kratos/guides/upgrade.mdx b/docs/oel/kratos/guides/upgrade.mdx new file mode 100644 index 000000000..cbcb1fd94 --- /dev/null +++ b/docs/oel/kratos/guides/upgrade.mdx @@ -0,0 +1,14 @@ +--- +id: upgrade +title: Apply upgrades +--- + + + + + +```mdx-code-block +import MyPartial from "@site/src/components/Shared/kratos/guides/upgrade.mdx" + + +``` diff --git a/docs/oel/kratos/install.mdx b/docs/oel/kratos/install.mdx new file mode 100644 index 000000000..91a352e1b --- /dev/null +++ b/docs/oel/kratos/install.mdx @@ -0,0 +1,14 @@ +--- +id: install +title: Installation +--- + + + + + +```mdx-code-block +import Install from '@site/src/components/Shared/install-oel.mdx' + + +``` diff --git a/docs/oss/keto/guides/upgrade.mdx b/docs/oss/keto/guides/upgrade.mdx new file mode 100644 index 000000000..4d04a5591 --- /dev/null +++ b/docs/oss/keto/guides/upgrade.mdx @@ -0,0 +1,14 @@ +--- +id: upgrade +title: Apply upgrades +--- + + + + + +```mdx-code-block +import MyPartial from "@site/src/components/Shared/keto/guides/upgrade.mdx" + + +``` diff --git a/docs/oss/keto/install.mdx b/docs/oss/keto/install.mdx new file mode 100644 index 000000000..c2bd0e56a --- /dev/null +++ b/docs/oss/keto/install.mdx @@ -0,0 +1,20 @@ +--- +id: install +title: Installation +--- + + + + + +```mdx-code-block +import Secure from '@site/docs/_common/secure.mdx' + + +``` + +```mdx-code-block +import Install from '@site/src/components/Shared/install-oss.mdx' + + +``` diff --git a/docs/oss/kratos/guides/upgrade.mdx b/docs/oss/kratos/guides/upgrade.mdx new file mode 100644 index 000000000..cbcb1fd94 --- /dev/null +++ b/docs/oss/kratos/guides/upgrade.mdx @@ -0,0 +1,14 @@ +--- +id: upgrade +title: Apply upgrades +--- + + + + + +```mdx-code-block +import MyPartial from "@site/src/components/Shared/kratos/guides/upgrade.mdx" + + +``` diff --git a/docs/oss/kratos/install.mdx b/docs/oss/kratos/install.mdx new file mode 100644 index 000000000..5cb4b316e --- /dev/null +++ b/docs/oss/kratos/install.mdx @@ -0,0 +1,20 @@ +--- +id: install +title: Installation +--- + + + + + +```mdx-code-block +import Secure from '@site/docs/_common/secure.mdx' + + +``` + +```mdx-code-block +import Install from '@site/src/components/Shared/install-oss.mdx' + + +``` diff --git a/docs/oss/upgrading.mdx b/docs/oss/upgrading.mdx index e437960dd..7b47cddcd 100644 --- a/docs/oss/upgrading.mdx +++ b/docs/oss/upgrading.mdx @@ -14,7 +14,7 @@ changes. We know that breaking changes are annoying so we want to make upgrading We document changelogs and upgrade guides for Ory services: -- Ory Kratos: [upgrade guide](../kratos/guides/upgrade), [changelog](https://github.com/ory/kratos/blob/master/CHANGELOG.md) +- Ory Kratos: [upgrade guide](./kratos/guides/upgrade), [changelog](https://github.com/ory/kratos/blob/master/CHANGELOG.md) - Ory Hydra: [upgrade guide](https://github.com/ory/hydra/blob/master/UPGRADE.md), [changelog](https://github.com/ory/hydra/blob/master/CHANGELOG.md) - Ory Oathkeeper: [upgrade guide](https://github.com/ory/oathkeeper/blob/master/UPGRADE.md), diff --git a/sidebars-oel.ts b/sidebars-oel.ts index e9bf9182e..82a534281 100644 --- a/sidebars-oel.ts +++ b/sidebars-oel.ts @@ -50,7 +50,7 @@ const oelSidebar = [ className: "sidebar-icon sidebar-icon-kratos", items: [ "oel/kratos/intro", - "kratos/install", + "oel/kratos/install", "self-hosted/oel/kratos/upgrade", "self-hosted/oel/kratos/changelog", "oel/kratos/quickstart", @@ -78,7 +78,7 @@ const oelSidebar = [ items: [ "kratos/guides/docker", "kratos/guides/deploy-kratos-example", - "kratos/guides/upgrade", + "oel/kratos/guides/upgrade", "kratos/guides/production", "kratos/guides/multi-tenancy-multitenant", "oel/kratos/scalability", @@ -130,10 +130,10 @@ const oelSidebar = [ className: "sidebar-icon sidebar-icon-keto", items: [ "oel/keto/index", - "keto/install", + "oel/keto/install", "keto/guides/v0.7-migration", "keto/guides/migrating-legacy-policies", - "keto/guides/upgrade", + "oel/keto/guides/upgrade", "oel/keto/quickstart", "self-hosted/oel/keto/changelog", { diff --git a/sidebars-oss.ts b/sidebars-oss.ts index 6f6ae58d1..1091962b4 100644 --- a/sidebars-oss.ts +++ b/sidebars-oss.ts @@ -58,9 +58,8 @@ const ossSidebar = [ className: "sidebar-icon sidebar-icon-kratos", items: [ "oss/kratos/intro", - "kratos/install", - "kratos/guides/upgrade", - "self-hosted/oel/kratos/changelog", + "oss/kratos/install", + "oss/kratos/guides/upgrade", "oss/kratos/quickstart", { type: "category", @@ -86,7 +85,7 @@ const ossSidebar = [ items: [ "kratos/guides/docker", "kratos/guides/deploy-kratos-example", - "kratos/guides/upgrade", + "oss/kratos/guides/upgrade", "kratos/guides/production", "kratos/guides/multi-tenancy-multitenant", "oel/kratos/scalability", @@ -138,12 +137,11 @@ const ossSidebar = [ className: "sidebar-icon sidebar-icon-keto", items: [ "oss/keto/index", - "keto/install", + "oss/keto/install", "keto/guides/v0.7-migration", "keto/guides/migrating-legacy-policies", - "keto/guides/upgrade", + "oss/keto/guides/upgrade", "oss/keto/quickstart", - "self-hosted/oel/keto/changelog", { type: "category", label: "Configuration", @@ -187,7 +185,6 @@ const ossSidebar = [ "self-hosted/oel/oauth2/revert-database-migrations", "self-hosted/oel/oauth2/upgrade", "hydra/self-hosted/upgrade", - "self-hosted/oel/oauth2/changelog", "oel/hydra/quickstart", { type: "category", @@ -255,7 +252,6 @@ const ossSidebar = [ items: [ "oss/polis/index", "polis/install", - "self-hosted/oel/polis/changelog", "oel/polis/quickstart", { type: "category", @@ -432,7 +428,6 @@ const ossSidebar = [ "oss/oathkeeper/index", "oathkeeper/install", "self-hosted/oel/oathkeeper/upgrade-oathkeeper", - "self-hosted/oel/oathkeeper/changelog", { type: "category", label: "Configure", diff --git a/src/components/Shared/install-oel.mdx b/src/components/Shared/install-oel.mdx new file mode 100644 index 000000000..c6f512642 --- /dev/null +++ b/src/components/Shared/install-oel.mdx @@ -0,0 +1,55 @@ +Ory software runs on any operating system (FreeBSD, macOS, Linux, Windows, ...) +and supports all major CPU platforms (ARM64, ARMv7, x86_64, x86, ...). + +```mdx-code-block +import Tabs from '@theme/Tabs' +import TabItem from '@theme/TabItem' +import Linux from '@site/src/components/Install/Linux' +import MacOS from '@site/src/components/Install/MacOS' +import Windows from '@site/src/components/Install/Windows' +import Docker from '@site/src/components/Install/Docker' + + + + + + + + + + + + + + + + A list of available Helm Charts for Kubernetes can be found at k8s.ory.com/helm. + + +``` + +## Download Binaries + +

+ You can download the client and server binaries on our{" "} + Github releases{" "} + page. No installer is available. You have to add the binary to the PATH in + your environment yourself, for example by putting it into + /usr/local/bin or something comparable. +

+ +Once installed, you should be able to run: + +```mdx-code-block +import CodeBlock from '@theme/CodeBlock' + +{`${props.repo} help`} +``` diff --git a/src/components/Shared/install-oss.mdx b/src/components/Shared/install-oss.mdx new file mode 100644 index 000000000..c0284f428 --- /dev/null +++ b/src/components/Shared/install-oss.mdx @@ -0,0 +1,75 @@ +Ory software runs on any operating system (FreeBSD, macOS, Linux, Windows, ...) +and supports all major CPU platforms (ARM64, ARMv7, x86_64, x86, ...). + +```mdx-code-block +import Tabs from '@theme/Tabs' +import TabItem from '@theme/TabItem' +import Linux from '@site/src/components/Install/Linux' +import MacOS from '@site/src/components/Install/MacOS' +import Windows from '@site/src/components/Install/Windows' +import Docker from '@site/src/components/Install/Docker' + + + + + + + + + + + + + + + + A list of available Helm Charts for Kubernetes can be found at k8s.ory.com/helm. + + +``` + +## Download Binaries + +

+ You can download the client and server binaries on our{" "} + Github releases{" "} + page. No installer is available. You have to add the binary to the PATH in + your environment yourself, for example by putting it into + /usr/local/bin or something comparable. +

+ +Once installed, you should be able to run: + +```mdx-code-block +import CodeBlock from '@theme/CodeBlock' + +{`${props.repo} help`} +``` + +## Building from source + +If you wish to compile the binary yourself, you need to install and set up +[Go 1.17+](https://golang.org/) and add `$GOPATH/bin` to your `$PATH`. + +:::danger + +Please note that this will check out the latest commit, which might be not yet +released and unstable. + +::: + +```mdx-code-block +{`git clone https://github.com/ory/${props.repo}.git +cd ${props.repo} +go mod download +go install -tags sqlite,json1,hsm . +$(go env GOPATH)/bin/${props.repo} help`} +``` diff --git a/src/components/Shared/keto/guides/upgrade.mdx b/src/components/Shared/keto/guides/upgrade.mdx new file mode 100644 index 000000000..b73ed3b79 --- /dev/null +++ b/src/components/Shared/keto/guides/upgrade.mdx @@ -0,0 +1,39 @@ +Follow this guide when upgrading Ory Keto to a newer version. + +:::danger + +Back up your data! Applying upgrades can lead to data loss if handled +incorrectly. + +::: + +1. Review breaking changes. Visit the + [CHANGELOG.md](https://github.com/ory/keto/blob/master/CHANGELOG.md) to see + if breaking changes have been introduced in the version you are upgrading to. +1. Backup your data. +1. Update the [Ory Keto SDK](/docs/keto/sdk/overview) if used in your + application. +1. Install the new version + of Ory Keto. +1. Run [`keto migrate`](/docs/keto/cli/keto-migrate) to run the SQL migrations + to the new database schema. + +Should you run into problems with the upgrade, consider a stepped upgrade and +please visit the community [chat](https://slack.ory.com/) or start a +[discussion](https://github.com/ory/keto/discussions). + +## Migrating to Keto 0.7 + +Ory Keto v0.6 used the table-separated namespaces database schema described in +the Google Zanzibar paper. However, we found for various reasons outlined in +that this isn't ideal for Keto. Visit +[migrating to Keto v0.7](/docs/keto/guides/v0.7-migration) guide for more +information + +## Migrating Keto policies from 0.5 version + +In +[Ory Keto 0.6](https://github.com/ory/keto/blob/v0.6.0-alpha.1/CHANGELOG.md#060-alpha1pre0-2021-04-01) +Ory Access Control Policy DSL modeled after AWS IAM Policies became obsolete. +Visit [migrating legacy policies](/docs/keto/guides/migrating-legacy-policies) +guide for more information. diff --git a/src/components/Shared/keto/quickstart.mdx b/src/components/Shared/keto/quickstart.mdx index 2181bb9fb..9af1fb797 100644 --- a/src/components/Shared/keto/quickstart.mdx +++ b/src/components/Shared/keto/quickstart.mdx @@ -20,7 +20,7 @@ refer to the video sharing service backend as the Keto client. ## Starting the example -First, [install Keto](../../../../docs/keto/install). +First, install Keto. Now you can start the example using either `docker-compose` or a bash script. The bash script requires you to have the `keto` binary in your `$PATH`. diff --git a/src/components/Shared/kratos/guides/upgrade.mdx b/src/components/Shared/kratos/guides/upgrade.mdx new file mode 100644 index 000000000..814da57bd --- /dev/null +++ b/src/components/Shared/kratos/guides/upgrade.mdx @@ -0,0 +1,46 @@ +Follow this guide when upgrading Ory Kratos to a newer version. + +:::danger + +Back up your data! Applying upgrades can lead to data loss if handled +incorrectly. + +::: + +1. Review breaking changes. Visit the + [CHANGELOG.md](https://github.com/ory/kratos/blob/master/CHANGELOG.md) to see + if breaking changes have been introduced in the version you are upgrading to. +1. Backup your data. +1. Update the [Ory Kratos SDK](/docs/kratos/sdk/overview) if used in your + application. +1. Install the new version + of Ory Kratos. +1. Run [`kratos migrate sql`](/docs/kratos/cli/kratos-migrate-sql) to run the + SQL migrations to the new database schema. +1. If you are upgrading to a version that introduces phone number normalization, + run `kratos migrate normalize-phone-numbers` after the new version is + deployed and serving traffic. This rewrites existing phone identifiers to + E.164 format. See the + [phone normalization guide](/docs/kratos/guides/normalize-phone-numbers) for + the recommended rollout sequence. + +Should you run into problems with the upgrade, consider a stepped upgrade and +please visit the community [chat](https://slack.ory.com/) or start a +[discussion](https://github.com/ory/kratos/discussions). + +#### v0.7 Changed cookie behavior + +In +[Ory Kratos v0.7](https://github.com/ory/kratos/blob/v0.7.0-alpha.1/CHANGELOG.md#breaking-changes) +the cookie behavior has changed. Review +[changes in the exemplary self-service user interface](https://github.com/ory/kratos-selfservice-ui-node/commit/e7fa292968111e06401fcfc9b1dd0e8e285a4d87). +Visit the +[Cookie Settings](https://www.ory.com/kratos/docs/guides/multi-domain-cookies/#cookies) +document for more information. + +#### v0.10.0 Authenticator assurance level (AAL) in session + +Since +[Ory Kratos v0.10.0](https://github.com/ory/kratos/blob/v0.10.0/CHANGELOG.md#breaking-changes), +the AAL is part of the session. When upgrading, sessions need to be reissued to +observe a higher AAL due to multi-factor methods. diff --git a/vercel.json b/vercel.json index 9a18f2b1c..2a8f99d67 100644 --- a/vercel.json +++ b/vercel.json @@ -112,6 +112,31 @@ "destination": "https://www.ory.com/docs/network/keto", "permanent": true }, + { + "source": "/docs/kratos/install", + "destination": "/docs/oel/kratos/install", + "permanent": true + }, + { + "source": "/docs/keto/install", + "destination": "/docs/oel/keto/install", + "permanent": true + }, + { + "source": "/docs/kratos/guides/upgrade", + "destination": "/docs/oss/kratos/guides/upgrade", + "permanent": true + }, + { + "source": "/docs/keto/guides/upgrade", + "destination": "/docs/oss/keto/guides/upgrade", + "permanent": true + }, + { + "source": "/docs/keto/quickstart", + "destination": "/docs/oss/keto/quickstart", + "permanent": true + }, { "source": "/kratos/docs", "destination": "https://www.ory.com/docs/kratos", @@ -1552,11 +1577,6 @@ "destination": "/docs/network/keto/overview", "permanent": true }, - { - "source": "/docs/keto/quickstart", - "destination": "/docs/network/keto/quickstart", - "permanent": true - }, { "source": "/docs/keto/examples/olymp-file-sharing", "destination": "/docs/network/keto/file-sharing-example", From 71fbc0c985cb0e5966537fea08d09f1a8cd935ab Mon Sep 17 00:00:00 2001 From: unatasha8 Date: Tue, 23 Jun 2026 22:39:39 -0700 Subject: [PATCH 8/8] docs: remove old intro files --- docs/network/getting-started/index2.mdx | 125 ------------------------ docs/oel/getting-started/index2.mdx | 67 ------------- docs/oss/getting-started/index2.mdx | 116 ---------------------- 3 files changed, 308 deletions(-) delete mode 100644 docs/network/getting-started/index2.mdx delete mode 100644 docs/oel/getting-started/index2.mdx delete mode 100644 docs/oss/getting-started/index2.mdx diff --git a/docs/network/getting-started/index2.mdx b/docs/network/getting-started/index2.mdx deleted file mode 100644 index c7b0d351f..000000000 --- a/docs/network/getting-started/index2.mdx +++ /dev/null @@ -1,125 +0,0 @@ ---- -title: Introduction to Ory Network ---- - -Ory is a software infrastructure provider building a global zero-trust network for humans, robots, devices, and software services. -Ory develops open-source software on [GitHub](https://github.com/ory) and publishes open standards such as the -[Ory Permission Language](https://github.com/ory/keto/blob/master/docs/ory_permission_language_spec.md). -[The Ory Network](https://console.ory.com/) uses cloud-native open-source technologies (Kubernetes, Crossplane, Cockroach, Linux, -Ory) and standards (OAuth 2.0/2.1, OpenID Connect, MITREid, WebAuthn, TOTP, FIDO3) to deliver a low-latency, planet-scale -zero-trust infrastructure. Ory combines centuries of open source, security, operational, and industry expertise with a -user-centric and security-first mindset. - -Core infrastructure components of [Ory Network](https://console.ory.com) are open source to foster collaboration, reduce supply -chain risk, broaden access to secure services, and introduce the open standard for internet security. Being open source Ory -improves the safety of everyone: - -- Ory Identities offers a secure and modern central identity management solution with MFA, passwordless, WebAuthn, and more. It's - based on the open-source [Ory Kratos Identity Server](https://github.com/ory/kratos). -- Ory OAuth2 & OpenID Connect implements 15+ IETF and OpenID standards to facilitate single sign-on (SSO), delegation, and API - access authorization. It's based on the open-source [Ory Hydra Federation Server](https://github.com/ory/hydra). -- Ory Permissions is a low-latency, high-performance, relationship-based authorization system that enables fine-grained access - control (incl. RBAC and ABAC models) in any application. It's based on the open-source - [Ory Keto Permission Server](https://github.com/ory/keto), which implements - [Zanzibar: Google’s Consistent, Global Authorization System](https://research.google/pubs/pub48190/). - -Ory develops and maintains many additional open-source projects. From an Ory Zero Trust Identity & Access Proxy -[Ory Oathkeeper](https://github.com/ory/oathkeeper) to developer tooling [Ory Dockertest](https://github.com/ory/dockertest) to -language-specific libraries [Ory Ladon](https://github.com/ory/ladon). Ory has -[170+ open source repositories](https://github.com/orgs/ory/repositories) and over 35.000 GitHub stars. - -Ory secures billions of requests each month, runs in over 50,000 live deployments, and improves hourly. - -## Why Ory is different - -Ory differentiates from other vendors in the following key areas: - -- Ory core services and APIs are developed and licensed under Apache 2.0, allowing you to participate, collaborate, and understand - the inner workings of Ory. -- You can bring your UI, in the programming language of your choosing, with the user experience that you like. -- From designing Identity Schemas using JSON Schema, to webhooks, to advanced configuration options - Ory is the most customizable - platform out there. -- Ory spans the whole authentication and authorization universe with well-designed products and APIs: - - Identity Management with session management & flows for login, registration, recovery, verification, MFA, and more. - - Permission and Role Management. - - Delegation via OAuth2 and OpenID Connect. - - Zero Trust Networking. - - Modern API design with partial support for gRPC. - -## Ory Network - -The Ory Network is the commercial offering of Ory and is built on top of Ory Open Source software. The goal with Ory Network is to -offer a planet-scale, low-latency, resilient, and secure service that's easy to use and set up. - -In short: Ory Network is the most convenient way to run Ory. [Sign up](https://console.ory.com/registration) and create a free -developer project. - -## Components - -Each project in Ory Network is an isolated tenant and uses many components providing functionality, user interfaces, and APIs -around identities, sessions, login, OAuth2, permissions, and more. The core components of projects in Ory Network are -[Ory Open Source servers](https://github.com/ory/). - -### Identities and sessions - -Ory Network incorporates the open-source [Ory Kratos Identity Server](https://www.ory.com/kratos) and offers: - -- Self-service flows are everything users do on their own / without the help of others: -- Registration with passwords, social sign-in, OpenID Connect, passkeys, and more. -- Login with passwords, social sign-in, OpenID Connect, passkeys, and more. -- Updating the profile, email, changing the password, un/linking with social sign-in providers, and more. -- Recovering the account by resetting the password. -- Verifying email addresses, phone numbers, and more. -- Multi-factor authentication flows and recovery processes. -- Administrative identity management to get, create, update, and delete identities and their data. -- Headless APIs and data models allow you to fully customize Identity Schemas - for example adding fields like name, accept ToS, - phone number - and create your login, registration, profile settings, recovery, and verification screen using SDKs and REST - APIs. -- SCIM support for automated user provisioning and deprovisioning with supported identity providers. - -### Permissions and relationships - -Ory Network incorporates the open-source [Ory Keto Permission Server](https://www.ory.com/keto) and offers: - -- Permission management to get, create, update, and delete permissions. -- Permission checking to check if a user has a permission. - -### OAuth2 and OIDC - -Ory Network incorporates the open-source [Ory Hydra OAuth2 & OpenID Server](https://www.ory.com/hydra) and offers: - -- Fully featured OAuth2 & [OpenID Certified](https://openid.net/developers/certified/)® OIDC Provider - -### SAML - -Ory Network incorporates the open-source [Ory Polis](https://www.ory.com/polis) and offers: - -- Enterprise SSO integration with SAML identity providers such as Okta, Azure AD, and Google Workspace. -- Simplified SSO flow by implementing SSO as a standard OAuth 2.0 flow, abstracting away the complexities of SAML. -- Act as a SAML Identity Provider (IdP). - -### Ory Console - -Ory Console is the management UI of Ory Network. - -### Ory Account Experience - -Ory Account Experience implements screens such as login, registration, account recovery, account setting, and account verification -for fast adoption of Ory. - -Ory allows you to implement your own authentication UI by offering simple, headless APIs. Use the open-source -[Ory Elements](https://github.com/ory/elements) components library for fast integration with frameworks like React and Next.js. - -### Ory Actions - -[Ory Actions](../../kratos/hooks/01_configure-hooks.mdx) provide a flexible way to extend the capabilities of the Ory Network by -defining custom business logic, automating system behavior in response to events, and integrating with third-party services such -as CRM platforms, payment gateways, business analytics tools, and integration platforms. - -## Ory Open Source - -Ory is the largest open-source ecosystem in the area of authentication, authorization, access control, and zero-trust networking -in the world. Ory is not another company "greenwashing" with open source by publishing SDKs under open-source licenses. Instead, -all Ory core systems are available as Apache 2.0 licensed software without enterprise or open-core models. - -Head over to the [Ory Open Source Overview](../../oss/open-source.mdx) for an introduction to the different projects. diff --git a/docs/oel/getting-started/index2.mdx b/docs/oel/getting-started/index2.mdx deleted file mode 100644 index 4a0c0193d..000000000 --- a/docs/oel/getting-started/index2.mdx +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Introduction to Ory Enterprise License ---- - -The Ory Enterprise License (OEL) is a commercial license designed for businesses and organizations that rely on Ory's open-source -identity and access control software (Ory Hydra, Ory Kratos, Ory Keto, Ory Oathkeeper, and Ory Polis) in production and -mission-critical environments. It grants access to enterprise-grade features, dedicated support, and builds optimized for -stability, security, and scalability. - -:::info - -Interested in the Ory Enterprise License? -[Contact us to discuss your requirements.](https://www.ory.com/contact) - -::: - -## When to use the Ory Enterprise License - -You should consider the Ory Enterprise License if your organization - -- operates Ory solutions in critical production environments where downtime is unacceptable. -- requires timely patches and updates for security vulnerabilities (CVEs) within specific timeframes. -- needs dedicated support from Ory's core engineering team with guaranteed response times (SLAs) for incident resolution. -- handles high-traffic volumes and large datasets (100GBs scale) requiring optimized database performance and zero-downtime - migrations. -- needs enterprise-specific functionalities not available in the open-source versions, such as the OAuth2 Resource Owner Password - Credentials (ROPC) grant in Ory Hydra or multi-tenancy/organizations features in Ory Kratos. -- requires advanced deployment patterns like multi-region for high availability, disaster recovery, and data domiciling. - -In contrast, open-source builds are well-suited for - -- individuals and researchers exploring Ory's capabilities. -- development and testing environments. -- deployments where occasional downtime for upgrades is acceptable and CVE patching is not required. - -## Benefits of Ory Enterprise License - -All Ory Enterprise builds share common advantages over their open-source counterparts: - -- Regular, up-to-date releases: Enterprise builds are released frequently and include the latest dependencies, addressing known - CVEs in Golang, third-party libraries, and other components. -- Dedicated support & SLAs: OEL holders receive dedicated support channels and are covered by Service Level Agreements (SLAs), - ensuring qualified responses within defined timeframes based on incident priority. -- Drop-in replacement: OEL is designed as direct replacements for open-source installations, requiring no special configuration or - complex migration paths from existing OSS setups. -- Unlocked Enterprise features: The OEL activates exclusive functionalities. Specific enterprise features for each Ory service are - detailed in their respective documentation sections. -- Zero-downtime migrations: Unlike open-source versions that require downtime during upgrades, enterprise builds support - zero-downtime migrations. -- Optimized CockroachDB integration: For deployments with large-scale databases and traffic patterns, an enhanced CockroachDB - integration is available. This provides not only zero-downtime upgrades but also zero-downtime schema migrations by leveraging - CockroachDB's Online schema changes feature. -- Multi-Region deployments: Enterprise builds, when used with CockroachDB, support multi-region deployments. This enables: - - Enhanced high-availability: Go beyond simple Availability Zone (AZ) failover with true multi-region resilience for superior - uptime and disaster recovery. - - Data domiciling: Comply with data privacy regulations like GDPR, CCPA, and others by keeping data in specific geographic - regions while maintaining a global, logical view of all data within a single database. - - Lower latency: Improve application performance for globally distributed users by locating data closer to them. -- Seamless operation: Running, configuring, and using enterprise builds follows the same familiar patterns as the open-source - versions. - -## Use cases - -The Ory Enterprise License is leveraged by organizations requiring robust and scalable identity infrastructure. For instance, -OpenAI utilizes the Ory Enterprise License with Ory Hydra Enterprise to manage authentication for its 400 million weekly active -users, ensuring reliability, massive scale, and uninterrupted service. Read more about -[OpenAI's use of Ory](https://www.ory.com/case-studies/openai). diff --git a/docs/oss/getting-started/index2.mdx b/docs/oss/getting-started/index2.mdx deleted file mode 100644 index a4991bf9d..000000000 --- a/docs/oss/getting-started/index2.mdx +++ /dev/null @@ -1,116 +0,0 @@ ---- -title: Introduction to Ory Open Source ---- - -We provide an open source ecosystem of services with clear boundaries that solve authentication and authorization: - -- Ory Kratos is an identity management server. -- Ory Hydra is an OAuth 2.0 and OpenID Connect provider. -- Ory Oathkeeper is an Identity and Access Proxy. -- Ory Keto is an access control server. - -Each service works standalone but you can also combine them to get the full feature set. If you've never heard of an Identity & -Access Proxy before, or you want to learn more about the individual services and how they play together, stick with us through the -next paragraphs. - -Almost every application has the concept of users and permissions. An anonymous user, for example, is allowed to read blog posts -while certain authenticated users are allowed to write blog posts. While this is the basis for most applications out there, access -control becomes increasingly complex as an application grows. What started out with a user's username and password now shifted to -machine-2-machine interaction, third party developers accessing your user's data, and maybe even a micro service system -architecture. - -Our projects solve the simplest use case and give you the ability to instantly ready the system for more complex scenarios without -painful and slow upgrade processes. - -## Ory Kratos - -![Ory Kratos](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-kratos.svg) - -The identity management server Ory Kratos enables you to implement user management, login and registration in a secure and -straightforward way. Don't rewrite every aspect of identity management yourself. Ory Kratos implements all common flows such as -login and logout, account activation, mfa/2fa, profile and session management, user facing errors and account recovery methods. -Just spin up a docker image and write a simple UI for it in the language or framework of your choice. Don't worry about GDPR, -address verification or protecting your users data against common and frequently changing attack vectors. Ory Kratos applies -security standards established by experts (National Institute of Sciences NIST, Internet Engineering Task Force IETF, Microsoft -Research, Google Research, Troy Hunt, ..), so you can concentrate on building. You have custom requirements for your users -experience? No problem, implement your own custom flows without hassle. - -## Ory Hydra - -![Ory Hydra](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-hydra.svg) - -Ory Hydra enables you to become an OAuth 2.0 and OpenID Connect provider. If you're not writing a basic web app but something that -has to work on different devices, that has machine-2-machine interaction, or enables third-party developers to use your API (and -pay for it), then this is what you're looking for. Ory Hydra isn't identity management, though. Instead, it connects to your -existing identity management (for example the one from the paragraph above, or your MySQL+PHP login service, or your Federated -SAML SSO) and is capable of issuing, in a secure and OpenID Certified manner, access, refresh, and ID tokens. Of course, it's -shipped as a 5MB Docker Image with almost no configuration required. - -## Ory Oathkeeper - -![Ory Oathkeeper](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-oathkeeper.svg) - -Now that your users access your application through, for example, a React/Angular app and a REST api, you need a way to -authenticate the user and to check if they have the necessary permissions (we call this "access control" from now on). One way -would be, of course, to add these checks in your code. Another is to deploy the 5MB Ory Oathkeeper Docker Image, define access -rules for your API endpoints (for example OAuth 2.0 Access Token + certain set of permissions, a valid JSON Web Token, a valid -SAML assertion, ...) and put it - like a firewall - in front of your services. - -## Ory Keto - -![Ory Keto](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-keto.svg) - -You might start out with a simple permission system. You've got different roles: anonymous users (not logged in), authenticated -users (logged in), and administrators. At some point however, the system gets more complex. You want to distinguish permissions -based on the user's organization, the access time (think time lock in banking), or the billing plan he/she's on. Big cloud -providers such as Amazon Web Services or Google solve this using "Access Control Policies". These policies represent flexible -rules and allow you to express complex access control scenarios. You could, of course, write your own system or spend a bit of -time educating yourself about RBAC, ACL, ABAC, ACP - or (you probably already guessed it) - boot up the 5MB Ory Keto Docker Image. -Ory Keto is able to authenticate different types of credentials (for example OAuth 2.0 Access Tokens, SAML Assertions, JSON Web -Tokens, ...) and allows you to define advanced permission rules ("Access Control Policies"). And there's of course an endpoint -that tells you if a certain set of credentials (for example an OAuth 2.0 Access Token) is allowed to modify that blog post. - -## Ory Polis - -![Ory Polis](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-polis.svg) - -Ory Polis is your trusted solution for enterprise Single Sign-On (SSO) without the headaches of SAML and OIDC. If you're building -a multi-tenant SaaS platform and your B2B customers need to sign in with their corporate identity providers—like Entra ID, Okta or -Google Workspace - Ory Polis makes it simple. Instead of creating custom SSO flows for each customer and wrestling with complex -SAML configurations, you can deploy the Ory Polis Docker image and be ready in minutes. Ory Polis abstracts away the protocol -complexity by translating SAML into a standard OAuth 2.0 or OIDC flow, creating a seamless bridge between your application and -enterprise identity providers. It’s modular, supports your preferred database, and can be self-hosted for complete control over -data and privacy. Built for flexibility and scale, Ory Polis handles as many tenants and identity providers as your business -demands. If you're delivering enterprise-grade SaaS and need SSO that just works, Ory Polis is the missing link. - -## Ory Elements - -![Ory Elements](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-elements.svg) - -Ory Elements is a component library that allows you to build custom user interfaces for Ory self-service flows. It provides a set -of pre-built components that can be easily integrated into your application, enabling you to create a seamless user experience -while leveraging Ory's powerful authentication and identity management capabilities. Ory Elements is designed to work with Ory -Kratos' self-service flows, such as login, registration, settings, verification, and recovery, as well as the OAuth2 consent flow. -It allows you to customize the look and feel of your UI to match your brand and user experience requirements. You can use Ory -Elements to build a custom UI that fits your application's design and user experience. - -## Find Your Ory Stack - -Not sure which Ory products you need? Use our [Product Selector](/welcome) to answer a few questions and discover the right Ory -products for your use case. - -## All of Ory Open Source - -```mdx-code-block -import { ProjectOverviewGraph } from "@site/src/pages/_assets/project-overview-graph" - - -``` - -If you were to use the full Ory Ecosystem, it would probably look something like this. Keep in mind that any component shown here -can be replaced or removed, depending on your use case. - -Now you know what this ecosystem has to offer you. To get some more information on the services, read the developer guide by -selecting the software of your choice from the navigation on the left! - -Contact us at [support@ory.com](mailto:support@ory.com) if you need consulting with your specific project.