OpenID Certified OAuth 2.0 and OpenID Connect server for SSO, API access, and machine-to-machine authorization
- Stars17.2k
- Forks1.6k
- Open Issues139
Apache-2.0
- Go
- Ruby
- JavaScript
About Ory Hydra
Ory Hydra is an OpenID Certified OAuth 2.0 server and OpenID Connect provider. It handles OAuth2 and OpenID Connect flows, token issuance and validation, client management, login and consent orchestration, and JWKS management for SSO, API access, and machine-to-machine authorization.
Hydra is standalone and does not include user management. It connects to an existing identity provider through a login and consent app, so teams can use Ory Kratos, authboss, User Frosting, or a proprietary system while controlling UI and experience flows. It implements IETF OAuth standards, OpenID Connect Core, discovery, dynamic registration, and front-channel and back-channel logout.
It runs as a managed service on Ory Network or as a self-hosted service under your own control. Self-hosted installs cover Linux, macOS, Windows, Docker, Kubernetes, PostgreSQL, MySQL, and CockroachDB. Hydra is written in Go, with an open source distribution and an Ory Enterprise License for business-critical systems.
Key features
- OAuth 2.0 and OpenID Connect flows
- Token issuance, validation, revocation, and introspection
- Client management and dynamic client registration
- Login and consent flow orchestration with existing identity providers
- JWKS management and OpenID Connect discovery
Details
- First released
- 2015
- Self-hosting
- Linux · Mac · Win · Docker
- Managed service
- Ory Network
- Certification
- OpenID Certified Provider
- Databases
- PostgreSQL · MySQL · CockroachDB
- User management
- External identity provider