Chat | Discussions | Newsletter

Guide | API Docs | Code Docs

Support this project!

Work in Open Source, Ory is hiring!

Ory Hydra is a hardened, OpenID Certified OAuth 2.0 Server and OpenID Connect Provider optimized for low-latency, high throughput, and low resource consumption. Ory Hydra is not an identity provider (user sign up, user login, password reset flow), but connects to your existing identity provider through a login and consent app. Implementing the login and consent app in a different language is easy, and exemplary consent apps (Node) and SDKs for common languages are provided.

Ory Hydra can use Ory Kratos as its identity server.

Ory Hydra on the Ory Network

The Ory Network is the fastest, most secure and worry-free way to use Ory's Services. Ory OAuth2 & OpenID Connect is powered by the Ory Hydra open source federation server, and it's fully API-compatible.

The Ory Network provides the infrastructure for modern end-to-end security:

• Identity & credential management scaling to billions of users and devices
• Registration, Login and Account management flows for passkey, biometric, social, SSO and multi-factor authentication
• Pre-built login, registration and account management pages and components
• OAuth2 and OpenID provider for single sign on, API access and machine-to-machine authorization
• Low-latency permission checks based on Google's Zanzibar model and with built-in support for the Ory Permission Language

It's fully managed, highly available, developer & compliance-friendly!

• GDPR-friendly secure storage with data locality
• Cloud-native APIs, compatible with Ory's Open Source servers
• Comprehensive admin tools with the web-based Ory Console and the Ory Command Line Interface (CLI)
• Extensive documentation, straightforward examples and easy-to-follow guides
• Fair, usage-based pricing

Sign up for a free developer account today!

Ory Network Hybrid Support Plan

Ory offers a support plan for Ory Network Hybrid, including Ory on private cloud deployments. If you have a self-hosted solution and would like help, consider a support plan! The team at Ory has years of experience in cloud computing. Ory's offering is the only official program for qualified support from the maintainers. For more information see the website or book a meeting!

Get Started

You can use Docker to run Ory Hydra locally or use the Ory CLI to try out Ory Hydra:

# This example works best in Bash
bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -b . ory
sudo mv ./ory /usr/local/bin/

# Or with Homebrew installed
brew install ory/tap/cli

create a new project (you may also use Docker)

ory create project --name "Ory Hydra 2.0 Example"
project_id="{set to the id from output}"

and follow the quick & easy steps below.

OAuth 2.0 Client Credentials / Machine-to-Machine

Create an OAuth 2.0 Client, and run the OAuth 2.0 Client Credentials flow:

ory create oauth2-client --project $project_id \
    --name "Client Credentials Demo" \
    --grant-type client_credentials
client_id="{set to client id from output}"
client_secret="{set to client secret from output}"

ory perform client-credentials --client-id=$client_id --client-secret=$client_secret --project $project_id
access_token="{set to access token from output}"

ory introspect token $access_token --project $project_id

OAuth 2.0 Authorize Code + OpenID Connect

Try out the OAuth 2.0 Authorize Code grant right away!

By accepting permissions openid and offline_access at the consent screen, Ory refreshes and OpenID Connect ID token,

ory create oauth2-client --project $project_id \
    --name "Authorize Code with OpenID Connect Demo" \
    --grant-type authorization_code,refresh_token \
    --response-type code \
    --redirect-uri http://127.0.0.1:4446/callback
code_client_id="{set to client id from output}"
code_client_secret="{set to client secret from output}"

ory perform authorization-code \
    --project $project_id \
    --client-id $code_client_id \
    --client-secret $code_client_secret
code_access_token="{set to access token from output}"

ory introspect token $code_access_token --project $project_id

• What is Ory Hydra?
  • Who's using it?
  • OAuth2 and OpenID Connect: Open Standards!
  • OpenID Connect Certified
• Quickstart
  • Installation
• Ecosystem
  • Ory Kratos: Identity and User Infrastructure and Management
  • Ory Hydra: OAuth2 & OpenID Connect Server
  • Ory Oathkeeper: Identity & Access Proxy
  • Ory Keto: Access Control Policies as a Server
• Security
  • Disclosing vulnerabilities
• Benchmarks
• Telemetry
• Documentation
  • Guide
  • HTTP API documentation
  • Upgrading and Changelog
  • Command line documentation
  • Develop
    • Dependencies
    • Formatting Code
    • Running Tests
      • Short Tests
      • Regular Tests
    • E2E Tests
      • OpenID Connect Conformity Tests
    • Build Docker
    • Run the Docker Compose quickstarts
    • Add a new migration
• Libraries and third-party projects

What is Ory Hydra?

Ory Hydra is a server implementation of the OAuth 2.0 authorization framework and the OpenID Connect Core 1.0. Existing OAuth2 implementations usually ship as libraries or SDKs such as node-oauth2-server or Ory Fosite, or as fully featured identity solutions with user management and user interfaces, such as Keycloak.

Implementing and using OAuth2 without understanding the whole specification is challenging and prone to errors, even when SDKs are being used. The primary goal of Ory Hydra is to make OAuth 2.0 and OpenID Connect 1.0 better accessible.

Ory Hydra implements the flows described in OAuth2 and OpenID Connect 1.0 without forcing you to use a "Hydra User Management" or some template engine or a predefined front-end. Instead, it relies on HTTP redirection and cryptographic methods to verify user consent allowing you to use Ory Hydra with any authentication endpoint, be it Ory Kratos, authboss, User Frosting or your proprietary Java authentication.

Who's using it?

The Ory community stands on the shoulders of individuals, companies, and maintainers. The Ory team thanks everyone involved - from submitting bug reports and feature requests, to contributing patches and documentation. The Ory community counts more than 33.000 members and is growing rapidly. The Ory stack protects 60.000.000.000+ API requests every month with over 400.000+ active service nodes. None of this would have been possible without each and everyone of you!

The following list represents companies that have accompanied us along the way and that have made outstanding contributions to our ecosystem. If you think that your company deserves a spot here, reach out to office@ory.sh now!

Type	Name	Logo	Website
Adopter *	Raspberry PI Foundation		raspberrypi.org
Adopter *	Kyma Project		kyma-project.io
Adopter *	Tulip		tulip.com
Adopter *	Cashdeck / All My Funds		cashdeck.com.au
Adopter *	Hootsuite		hootsuite.com
Adopter *	Segment		segment.com
Adopter *	Arduino		arduino.cc
Adopter *	DataDetect		unifiedglobalarchiving.com/data-detect/
Adopter *	Sainsbury's