Ory Hydra is a hardened, OpenID Certified OAuth 2.0 Server and OpenID Connect Provider optimized for low-latency, high throughput, and low resource consumption. It connects to your existing identity provider through a login and consent app, giving you absolute control over the user interface and experience.
Ory Hydra is a server implementation of the OAuth 2.0 authorization framework and the OpenID Connect Core 1.0. It follows cloud architecture best practices and focuses on:
We recommend starting with the Ory Hydra introduction docs to learn more about its architecture, feature set, and how it compares to other systems.
Ory Hydra is designed to:
Ory Hydra implements Open Standards set by the IETF:
and the OpenID Foundation:
Ory Hydra is an OpenID Foundation certified OpenID Provider (OP).
<img src="https://github.com/ory/docs/blob/master/docs/hydra/images/oidc-cert.png" alt="Ory Hydra is a certified OpenID Providier" width="256px">
The following OpenID profiles are certified:
code)id_token, id_token+token)code+id_token, code+id_token+token, code+token)To obtain certification, we deployed the reference user login and consent app (unmodified) and Ory Hydra v1.0.0.
You can run Ory Hydra in two main ways:
The Ory Network is the fastest way to use Ory services in production. Ory OAuth2 & OpenID Connect is powered by the open source Ory Hydra server and is API compatible.
The Ory Network provides:
Sign up for a free developer account to get started.
You can run Ory Hydra yourself for full control over infrastructure, deployment, and customization.
The install guide explains how to:
This guide uses the open source distribution to get you started without license requirements. It is a great fit for individuals, researchers, hackers, and companies that want to experiment, prototype, or run unimportant workloads without SLAs. You get the full core engine, and you are free to inspect, extend, and build it from source.
If you run Hydra as part of a business-critical system, for example OAuth2 and OpenID Connect for all your users, you should use a commercial agreement to reduce operational and security risk. The Ory Enterprise License (OEL) layers on top of self-hosted Hydra and provides:
For guaranteed CVE fixes, current enterprise builds, advanced features, and support in production, you need a valid Ory Enterprise License and access to the Ory Enterprise Docker registry. To learn more, contact the Ory team.
Install the Ory CLI and create a new project to try Ory OAuth2 & OpenID Connect.
# Install the Ory CLI if you do not have it yet:
bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -b . ory
sudo mv ./ory /usr/local/bin/
# Sign in or sign up
ory auth
# Create a new project
ory create project --create-workspace "Ory Open Source" --name "GitHub Quickstart" --use-project
Try out the OAuth 2.0 Client Credentials flow:
ory create oauth2-client \
--name "Client Credentials Demo" \
--grant-type client_credentials
# Note the client ID and secret from output
ory perform client-credentials \
--client-id <your-client-id> \
--client-secret <your-client-secret>
# Note the access token from output
ory introspect token <your-access-token>
Try out the OAuth 2.0 Authorize Code + OpenID Connect flow:
ory create oauth2-client \
--name "Authorize Code with OpenID Connect Demo" \
--grant-type authorization_code,refresh_token \
--response-type code \
--redirect-uri http://127.0.0.1:4446/callback
ory perform authorization-code \
--client-id <your-client-id> \
--client-secret <your-client-secret>
The Ory community stands on the shoulders of individuals, companies, and maintainers. The Ory team thanks everyone involved - from submitting bug reports and feature requests, to contributing patches and documentation. The Ory community counts more than 50.000 members and is growing. The Ory stack protects 7.000.000.000+ API requests every day across thousands of companies. None of this would have been possible without each and everyone of you!
The following list represents companies that have accompanied us along the way and that have made outstanding contributions to our ecosystem. If you think that your company deserves a spot here, reach out to office@ory.com now!
| Name | Logo | Website | Case Study |
|---|---|---|---|
| OpenAI |
|
openai.com | OpenAI Case Study |
| Fandom |
|
fandom.com | Fandom Case Study |
| Lumin |
|
luminpdf.com | Lumin Case Study |
| Sencrop |
|
sencrop.com | Sencrop Case Study |
$ claude mcp add hydra \
-- python -m otcore.mcp_server <graph>