hydra
by ory
Ory Hydra is a high-performance, OpenID Certified OAuth 2.0 and OpenID Connect provider enabling scalable and customizable identity and authorization management.
Internet-scale OpenID Certified™ OpenID Connect and OAuth2.1 provider that integrates with your user management through headless APIs. Solve OIDC/OAuth2 use cases overnight. Consume as a service on Ory Network or self-host. Trusted by OpenAI and many others for scale and security. Written in Go.
Primary Use Case
Ory Hydra is used by developers and organizations to implement OAuth2 and OpenID Connect authorization servers that integrate with existing identity providers, enabling secure authentication and authorization flows. It is ideal for building scalable, cloud-native, API-first identity and access management solutions without managing user credentials directly.
- OpenID Certified OAuth 2.0 and OpenID Connect provider
- Optimized for low-latency, high throughput, and low resource consumption
- Headless, API-first, cloud-native architecture
- Supports integration with external identity providers via login and consent apps
- Pre-built exemplary consent apps and SDKs for common languages
- Compatible with Ory Kratos for identity management
- Available as a managed service on Ory Network or for self-hosting
- Comprehensive admin tools including web console and CLI
Installation
- Clone the repository: git clone https://github.com/ory/hydra.git
- Navigate into the directory: cd hydra
- Build or install using Go tooling (e.g., go install github.com/ory/hydra@latest)
- Refer to official documentation for configuration and deployment details
- Optionally use Ory Network for a fully managed cloud service
Usage
- hydra serve all: Starts the Hydra server running all services (admin and public endpoints).
- hydra clients create --id <client-id> --secret <secret> --grant-types authorization_code,refresh_token: Creates a new OAuth2 client with specified grant types.
- hydra token user --client-id <client-id> --client-secret <secret> --scope <scopes>: Generates an OAuth2 access token for a user using client credentials.
- hydra migrate sql <database-url>: Runs database migrations to prepare the storage backend.
- hydra token introspect --token <access-token>: Introspects an OAuth2 token to validate and retrieve metadata.
- Integrate Ory Hydra with existing identity providers to centralize authentication and reduce attack surface from credential management.
- Leverage Hydra's API-first and cloud-native architecture to automate secure authorization flows in DevOps pipelines.
- Combine with Ory Kratos for full lifecycle identity management, enhancing compliance auditing and access governance.
- Use Hydra's consent apps to implement fine-grained user consent and improve transparency in access control.
- Deploy Hydra as a managed service on Ory Network to reduce operational overhead and improve security posture with expert maintenance.
Related Tools

vaultwarden
dani-garcia/vaultwarden
Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
authelia
authelia/authelia
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
keepassxc
keepassxreboot/keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
infisical
Infisical/infisical
Infisical is the open-source platform for secrets, certificates, and privileged access management.
authentik
goauthentik/authentik
The authentication glue you need.
teleport
gravitational/teleport
The easiest, and most secure way to access and protect all of your infrastructure.
