I started the project Ory Hydra back in 2015 as a side project, and it has now become a full-time job with a dedicated team! Ory Hydra is used at a lot of companies and we have since started with some other projects such as ORY Kratos (https://github.com/ory/kratos).
If you have any questions regarding Hydra, Ory, Golang, or open source - I am more than happy to answer!
edit:// Signing off - if you have any questions for maintainers feel free to check out the Ory Slack channel or ask on the GitHub discussions board!
Thank you, appreciate it a lot! Regarding your questions:
1. Almost never - it's a lot of work to get from a library to a server that has a strong persistence layer, is scalable, has all the management around it (e.g. write and create clients). Also, upgrading a server is much easier than upgrading a library!
2. We plan to have ORY Kratos v0.6 out of alpha (what we call sandbox) and in "incubating" status. That means that we feel confident that APIs won't change as much anymore, but there is still a risk that you have to deal with some breaking changes. For version 1.0 it is probably going to land in 2022, as we usually stay 1 year in sandbox, 1 year in incubating and if everything has stabilized go to stable. Having said that, you can still use this stuff in prod. For us, alpha/sandbox just means: "Careful, there will be breaking changes!". But we never release insecure, untested or half-baked stuff.
What was your mentality around choosing the license (Apache) in regards to the business you hope(d) to build around the Ory offerings?
Also I have to say that about a year ago I wanted to teach myself about OAuth and I find almost every online guide and book to be terrible (and usually trying to sell me something). Two things finally put it all together for me: reading the OIDC spec and reading the Hydra & Kratos code and docs.
Thank you for the question! There are not many licenses to choose from that people accept. For example GPL and AGPL are generally frowned upon. I think Apache 2.0 offers the greatest freedom, while being more nuanced than MIT. It helps with broad community contribution and adoption, which was the initial goal (never intended for this to become a business, it just so happened).
> Also I have to say that about a year ago I wanted to teach myself about OAuth and I find almost every online guide and book to be terrible (and usually trying to sell me something). Two things finally put it all together for me: reading the OIDC spec and reading the Hydra & Kratos code and docs.
Awesome! I was in the exact same boat. Usually OAuth2 is a marketing thing for companies that are closed source, because it is the only "open" thing they can offer. Then they bend the protocol to fit the actual use case - which is sign in, registration, and so on. OAuth2 was never intended to be a protocol for "login". It's a protocol for Developer X to get access to your Facebook photos.
My personal goal with Ory is to educate people around security (good security is easy, not hard) and clean up the misconceptions. I hope this helps the developer ecosystem become more secure and better educated as a whole!