undefined | Better HN

0 pointsbrulard4mo ago0 comments

Oh, I wanted to escape the Kratos hell by migrating to Keycloak and you say Kratos was created to actually be a better alternative? Well I have to say I had a very hard time implementing browser flows, configuration is a mess, not everything working through yaml configs works as env var. Documentation is a mess. All in all, it took months what should have been weeks at most. Sorry for the negativity, but it is one of the software pieces I really wish I have avoided.

0 comments

vinckr4mo ago

sorry to hear that, hope you have a better experience going forward. if you feel like it send me some details on what was most painful and we'll fix it.

bogomipblips4mo ago

Just from looking right now, I'm a bit puzzled by being told right away that it has all open APIs in a warning in the install guide. Would I really want to tell someone to try starting something for our security that is an immediate attack vector?

vinckr4mo ago

if you leave the admin APIs unsecured in production it is an attack vector, not sure what you would prefer being told here?

It says "When deploying Ory open-source Servers, protect access to their APIs using Ory Oathkeeper or a comparable API Gateway."

1 more reply

j / k navigate · click thread line to collapse

0 pointsbrulard4mo ago0 comments

0 comments

vinckr4mo ago

sorry to hear that, hope you have a better experience going forward. if you feel like it send me some details on what was most painful and we'll fix it.

bogomipblips4mo ago

vinckr4mo ago

if you leave the admin APIs unsecured in production it is an attack vector, not sure what you would prefer being told here?

It says "When deploying Ory open-source Servers, protect access to their APIs using Ory Oathkeeper or a comparable API Gateway."

1 more reply

j / k navigate · click thread line to collapse