Add user registration, login, and password recovery to your web app without building any authentication logic yourself.
Enable social sign-in via Google or GitHub and multi-factor authentication (TOTP, passkeys) for your users.
Run a self-hosted identity provider on Kubernetes connected to your existing PostgreSQL or MySQL database.
Replace a custom login system with a headless identity service your own frontend UI controls the look of.
| ory/kratos | projectdiscovery/subfinder | casdoor/casdoor | |
|---|---|---|---|
| Stars | 13,639 | 13,617 | 13,604 |
| Language | Go | Go | Go |
| Setup difficulty | hard | easy | moderate |
| Complexity | 4/5 | 2/5 | 4/5 |
| Audience | developer | ops devops | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires a running PostgreSQL or MySQL database and a server or Kubernetes cluster to deploy the service.
Ory Kratos is an open-source system for managing user accounts and identity, written in Go. Its purpose is to handle everything related to who a user is and how they log in, so that application developers do not have to build those pieces themselves. It covers user registration, login, password recovery, email verification, multi-factor authentication, and profile management, all exposed through HTTP APIs. The core idea is that instead of each application reinventing its own login system, Kratos acts as a shared service that handles identity. Your own application's frontend handles what the login page looks like, but the logic behind it (checking credentials, issuing sessions, locking accounts) comes from Kratos. This makes Kratos what the README calls "headless," meaning it has no built-in user interface of its own. It supports a range of authentication methods: passwords, passkeys, biometric login, social sign-in through providers like Google or GitHub, SMS codes, TOTP (time-based one-time passwords), SAML, and magic links. For organizations that need single sign-on across multiple apps, Kratos can be paired with Ory Hydra, another project from the same team that handles the OAuth2 and OpenID Connect protocol layer. You can run Kratos in two ways. The first is self-hosted, where you install it on your own server or Kubernetes cluster and connect it to a database like PostgreSQL or MySQL. The second is as a managed service through the Ory Network, where Ory runs the infrastructure for you. The open-source version is free to self-host. Enterprise features like SAML, SCIM, and SLA-backed support require a commercial license. The README reports that the Ory stack processes over seven billion API requests per day across thousands of companies, and the Ory community has more than 50,000 members.
Ory Kratos is an open-source identity management system that handles user registration, login, password recovery, multi-factor authentication, and social sign-in so you don't have to build any of it yourself.
Mainly Go. The stack also includes Go, PostgreSQL, MySQL.
Free to self-host as open source, enterprise features like SAML and SCIM require a paid commercial license.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.