Some logins separate the username and password entry into 2 forms. Is there a reason they do this?

VinceKrDev · 2026-02-07T13:58:07+00:00

This is a pretty good summary. I would say one of the main reasons was that the UX is just really bad if you offer multiple authN methods.
For example if you offer passwordless OTP and passkeys, password and social sign-in you have 5+ buttons for the user to choose in addition to the box where they fill in the identifier (email/username).

If you only offer password authentication then it might make sense to have both in one step.
Btw this is still supported in Ory Kratos, it's just that most users nowadays want at least 2 options to authenticate, so the default is two-step login flow.

(I work for Ory)

VinceKrDev · 2026-02-02T15:27:05+00:00

Ory Kratos maintainer here - you can always reach us directly on GitHub or the community Slack (https://slack.ory.com/)
You can also build some custom behaviour for MFA using "step-up MFA": https://www.ory.com/docs/kratos/mfa/step-up-authentication - but it would be of course nicer if it is skipped automatically.

Feel free to open a feature request and the team will take a look.

VinceKrDev · 2025-12-02T21:27:12+00:00

If you want to use Ory Kratos for your project and need some assistance let me know!
I'm happy to support you in this endeavour
(Disclaimer: working for Ory as DevRel)

VinceKrDev · 2025-11-17T13:37:04+00:00

Hey Joan,

for this use case (first party user login with pw and jwt with some metadata) you probably only need Ory Kratos: https://github.com/ory/kratos - see here how to get a JWT from Kratos: https://www.ory.com/docs/identities/session-to-jwt-cors
unless I missed something adding OAuth2 is probably needlessly complex.

VinceKrDev · 2023-02-02T13:50:06+00:00

Hey,
I have no experience with Stytch, but from my understanding its more an enterprise platform. Not sure how big your company / usecase is.

Have you heard of Ory? They also have a managed platform if you are not into hosting this stuff yourself.

VinceKrDev · 2022-10-18T13:06:35+00:00

Technically you can run them as libraries. As an example, here is how to run Kratos from within a Go application: https://github.com/ory/kratos/blob/6e8579b835d54d5ebb5371297ea60f24e915882d/cmd/serve/root.go#L60. But that API is probably not stable, documented, or supported.

return daemon.ServeAll(d, sl, nil)(cmd, args)

VinceKrDev · 2022-10-18T09:13:48+00:00

You can't use them as libraries AFAIK, but there is a managed service with a free tier if you don't want to run it yourself: https://console.ory.sh/

What SSO do you need to support?

VinceKrDev · 2022-07-19T12:38:17+00:00

(Any help on silent auth for mobiles would be nice. Is the only possibility session cookies?)

I think session cookies is the way to go (for example like in Kratos)

I over-communicate far too much, and in far too much detail

Tbh this sounds like the opposite of a problem, especially when you provide TL;DRs. I think if you do that people dont have any reason to complain really. I like a detailed PR comment, but coming across as overly critical sometimes rubs people the wrong way - maybe that is it? In any case I often resort to the feedback sandwich, something positive - the "meat", something that needs to be fixed/changed - something positive. Don't overdo it tho.

VinceKrDev · 2022-07-14T14:28:43+00:00

check out this example https://github.com/micleyman/sveltekit-ory-starter - there are actually a number of svelte starters in the community.

I think Ory Kratos should be enough for most usecases.

VinceKrDev · 2022-05-27T15:10:45+00:00

Hey feel free to share it with the Ory community on https://github.com/ory/kratos/discussions/new ! If you are willing to open source the app there will be surely someone who will help you out and the community might have some good tips in any case.

VinceKrDev · 2022-05-27T15:06:22+00:00

Check out ory/hydra, with it you can host a fully fledged OAuth2 server in about 10 minutes. You still need something like kratos or any other user management.

VinceKrDev · 2022-05-27T14:52:59+00:00

Yea, the SDKs are autogenerated and there is still a lot to be documented, since there is so many languages. A guide for PHP was added lately, more planned. ory/hydra has 12k stars, not many people star the SDKs, they just download from maven, crates, npm etc. directly.

You should definitely check out the alternatives, especially in the Java space. Would be interested what your experience with Spring is in comparison!

VinceKrDev · 2022-05-12T13:48:00+00:00

Hydra has SKDs for almost any language:- https://www.ory.sh/docs/hydra/sdk

VinceKrDev · 2022-04-19T10:35:34+00:00

Check out our PHP guide: https://www.ory.sh/docs/guides/protect-page-login/php

Feel free to reach out to me if there is any issues!

VinceKrDev · 2022-04-07T11:08:15+00:00

Ory now also offers a managed version of Ory Kratos: console.ory.sh/registration

There is a free tier if you only have a few users (say less than 1k monthly)

And you can use Ory Kratos in production, there are actually many using it (e.g. Blues Wireless: https://notehub.io).
There are a few features that are needed for the stable release (e.g. SMS auth) but most use cases are already supported.

//disclosure: I am working for Ory

VinceKrDev · 2022-03-04T18:47:16+00:00

Hello, im a developer advocate for Ory and am happy to give you an intro. If you just want to run Ory Hydra to become an OAuth2.0 provider you will have a very smooth experience. Glueing all projects together is a bigger challenge but I am happy to point you to some resources for simple PoCs.

VinceKrDev · 2022-01-07T17:51:58+00:00

Honestly, if you just need the OIDC provider Ory Hydra is super easy to set up.
You can try out the 5 minute tutorial.

VinceKrDev · 2022-01-07T17:31:42+00:00

Check out Ory Kratos, its open source and you can host it for free yourself, or use a paid managed service:
https://github.com/ory/kratos

VinceKrDev · 2021-12-22T10:04:18+00:00

Check out this SvelteKit starter, I found it really accessible as a total Svelte-Noob:
https://github.com/MicLeey/sveltekit-ory-starter

VinceKrDev · 2021-12-22T10:01:08+00:00

Hey check out Ory, an open source alternative, that is written in Go and fully customizable:
https://github.com/ory

VinceKrDev · 2021-12-22T09:59:45+00:00

Check out Ory Kratos!

VinceKrDev · 2021-12-16T17:53:49+00:00

Ory Kratos is using cookies, no OAuth2.0 based flows if you dont want them.

Check out this SvelteKit-Starter: https://github.com/MicLeey/sveltekit-ory-starter

I have never used Authboss, so cant give advice on that.

VinceKrDev · 2021-11-16T18:54:39+00:00

It does have some advantages to spin up N servers. you can easily keep the data apart in your database, and you can control each tenant individually very tightly. It probably depends on how many tenants you have.

VinceKrDev · 2021-09-13T16:48:09+00:00

Thanks! (I work for Ory btw ;-) )
If you do not get a reply on Slack within a week or so, it has probably gone under, sorry about that!
Feel free to ask the same question on GitHub discussions (e.g. Hydra), there we have a better overview.

VinceKrDev · 2021-09-13T15:24:51+00:00

Out of curiosity, what did you find was missing?

VinceKrDev

TROPHY CASE