I've been exploring Ory Kratos for a project and love the concept, especially since I just need authentication (authorization is managed elsewhere). I created a small proof of concept (PoC) and noticed several inconsistencies within the API, documentation, and examples. The activity in the repository also seems a bit low lately, which raises my concern. Given these factors, I'm curious if anyone has experience with the self-hosted version of Kratos and can share their thoughts on whether it's a reliable option to consider for projects in 2025.
2 Answers
Definitely go for Ory in 2025! It's a solid choice, and the recent updates to Ory Elements have really enhanced its usability, especially for frameworks like React and Next.js. The developers are actively maintaining Ory Kratos, and the release frequency is improving this year. Plus, regarding the licensing, you won't have the complications tied to Zitadel's AGPL. If you're unsure, you can try their SaaS version for free to see if it meets your requirements before switching to a self-hosted setup. Just my advice: avoid creating a custom UI from scratch at this point since it can take up a lot of your time; stick to Ory Elements or their UI examples for now!
I can't speak for Ory's self-hosting capabilities, but you might want to check out Zitadel too. They have solid support for OSS and self-hosting. Zitadel can handle authentication for your app, plus you can implement your own authorization model. They've got RBAC options, giving you lots of flexibility. If you want more details, just let me know!
I appreciate the suggestion! I looked into Zitadel some years ago, but it was still in its early stages. It looks much better now, but I'm concerned about its limitations since I need forward-auth functionality. I might have to use an oauth-proxy with my reverse-proxy setup. Also, I'm unsure about how to manage PATs since they seem like long-lived JWTs. Do you know how revocation works without a revocation list?
Thanks for the input! I just started using Kratos a week ago, intending to implement a custom UI for login/registration/verification but use pre-built components for admin. I got it mostly working, but I ran into quirks with the UI node models and the fetch-api-client. Unfortunately, we're based on SvelteKit, so Ory Elements isn't an option for us.