oathkeeper

command module
v0.11.12 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 7, 2018 License: Apache-2.0 Imports: 1 Imported by: 0

README

Chat | Forums | Newsletter

Guide | API Docs | Support us on patreon!

ORY Oathkeeper is an Identity & Access Proxy (IAP) that authorizes HTTP requests based on sets of rules. The BeyondCorp Model is designed by Google and secures applications in Zero-Trust networks. An Identity & Access Proxy is typically deployed in front of (think API Gateway) web-facing applications and is capable of authenticating and optionally authorizing access requests.

ORY Oathkeeper is a reverse proxy which evaluates incoming HTTP requests based on a set of rules that are defined by administartive users. ORY Oathkeeper is thus capable of:

  • Identifying the user and providing the user session in form of a JSON Web Token.
  • Restricting access to certain resources based on a set of rules (Authorization).

We plan to generalize this software and make it compatible with Authentication and Authorization providers. For now, this proxy integrates best ORY Hydra. Please file an issue if you would like to see your favorite Auth* provider integrated.

This service is under active development and may introduce breaking changes in future releases.

CircleCI Coverage Status Go Report Card


Installation

The easiest way to install ORY Oathkeeper is using the Docker Hub Image:

docker run oryd/oathkeeper:<version> help

Ecosystem

ORY Security Console

ORY Security Console: Administrative User Interface

The ORY Security Console. connects with your existing ORY Hydra and ORY Oathkeeper isntallation and lets you manage and monitor them through an intuitive UI.

ORY Hydra

ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app.

Security

Disclosing vulnerabilities

If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub and send us an email to hi@ory.am instead.

Telemetry

ORY Oathkeeper collects summarized, anonymized telemetry which can optionally be turned off. Click here to learn more.

Documentation

Guide

The Guide is available here.

HTTP API documentation

The HTTP API is documented here.

Upgrading and Changelog

New releases might introduce breaking changes. To help you identify and incorporate those changes, we document these changes in UPGRADE.md and CHANGELOG.md.

Command line documentation

Run oathkeeper -h or oathkeeper help.

Develop

Developing with ORY Hydra is as easy as:

go get -d -u github.com/ory/oathkeeper
cd $GOPATH/src/github.com/ory/oathkeeper
dep ensure
go test ./...

Then run it with in-memory database:

DATABASE_URL=memory go run main.go serve all

Documentation

Overview

Package main ORY Oathkeeper

ORY Oathkeeper is a reverse proxy that checks the HTTP Authorization for validity against a set of rules. This service uses Hydra to validate access tokens and policies.

Schemes: http, https
Host:
BasePath: /
Version: Latest
Contact: ORY <hi@ory.am> https://www.ory.am

Consumes:
- application/json

Produces:
- application/json

Extensions:
---
x-request-id: string
x-forwarded-proto: string
---

swagger:meta

Directories

Path Synopsis
sdk

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL