The cloud native OAuth 2.0 and OpenID Connect server

Authenticate third party users and secure access to your applications and APIs with Ory Hydra.

Existing solutions lack flexibility and granular control, limiting adaptability to specific business needs. Ory Hydra integrates with your infrastructure, giving you complete control over authentication workflows.

Need support?

Hydra is available via Ory Enterprise License: self-hosted control + 24x7 support.

Need to move quickly?

Get the power of Hydra fast and easily via the Ory Network. Sign up for free!

Millions of users. Unlimited scale.

Ory Hydra powers systems with millions of customers and serving thousands of users per second.

Integrate everywhere

Ory Hydra is written in Go and we provide SDKs for almost every language including Dart, .NET, Go, Java, PHP, Python, Ruby, Rust and Typescript. It works with any login system and it is easy to customize the login experience. Follow our step by step documentation and integrate Hydra in a snap.

Interface the web securely

Ory Hydra is the most advanced OAuth 2.0 and OIDC Certified® Server, and the only one that is open source. It integrates with any login system and allows you to interface with any application, anywhere.

Powered by Open Source

Ory Hydra offers deployment flexibility. With open source roots, Ory Hydra has grown to offer different models to suit your business needs. Deploy open-source, opt for Ory Enterprise License with additional features and support, or use the fully managed Ory Network for a seamless SaaS experience.

Integrate everywhere

Interface the web securely

Powered by Open Source

Benjamin Billings

Engineering Manager, Identity Platforms

OpenAI wanted a partner that could help enable our vision for owning our identity processes, data, and success. We have a lot of partners, and Ory is one of our best.

Case study

Ory Hydra features at a glance

Integrates everywhere
Implement the full Open Authorization 2.0 standard in your technology stack. Ory Hydra integrates with any open source (e.g. Ory Kratos) or proprietary IAM system.
OpenID Certified®
Rely on an OpenID Certified® OIDC Provider. Ory Hydra implements all flows specified by the IETF and OpenID Foundation.
Bring your own UX
Use your branding and user interfaces for all OAuth2.0 and OpenID Connect flows. Your own styles and flows powered by a robust API and intuitive CLI.
Compatible with MITREid
Migrate from MITREid Connect to Ory Hydra. Migration documentation is provided.
Cryptographic key storage
Encrypt cryptographic keys for e.g. signing JWTs, store them securely and manage OAuth 2.0 clients directly from the CLI.
Security first and high performance
Sleep easy, knowing that Ory Hydra is designed to reduce security incidents and scales as required. Ory Hydra serves tokens to millions of users weekly and just works.

How to de-risk identity at scale

OSS is where most teams start. The question is whether it holds up as scale, compliance, and security requirements grow. Running identity infrastructure yourself means owning everything, from patches to incident response, compliance controls, and performance tuning. At enterprise scale, that overhead competes with product innovation. Ory's commercial offerings, OEL and Ory Network, trade that burden for SLA-backed support, managed CVE patching, and audit-ready controls.

OSS

Evaluate and prototype

OEL

Self-hosted, great for enterprises that require air-gapped or certified environments

Ory Network

Fully-managed, fastest path to production without operational overhead

Compliance and audit-ready (GDPR, PSD2, PCI-DSS, SOC 2, and others)

Compliance-ready

Compliance and audit-ready (GDPR, PSD2, PCI-DSS, SOC 2, and others)

Global multi-region architecture

Multi-region capable

Global multi-region architecture

Purpose-based data retention

24/7 SLA support

CVE security patching

Unified control plane for ease of management

CLI

Unified control plane for ease of management

CLI & GUI

Unified control plane for ease of management

CLI & GUI

Production Helm Charts

n/a

Managed infrastructure

n/a

Managed infrastructure

OAuth 2.0 + OpenID Connect with OAuth 2.1 support*

OpenID Certified®

High performance pooling

Stateless JWT access tokens

Credential rotation

Token exchange

Resource Owner Password Credentials (ROPC)

Deploy Ory Hydra on your preferred infrastructure

Deploy on any infrastructure and take full control over authentication and user workflows of your application.

Integrations

Ready to try Ory Hydra?

Get started with the guides and docs below

Documentation Quickstart CLI Guide

oauth2-client.js

const express = require('express');
const app = express();

const { AuthorizationCode } = require("simple-oauth2")

const client = new AuthorizationCode({
  client: {
    id: process.env.CLIENT_ID,
    secret: process.env.CLIENT_SECRET,
  },
  auth: {
    tokenHost: "https://<your-project>.projects.oryapis.com",
    tokenPath: "/oauth2/token",
    authorizePath: "/oauth2/auth",
  },
})

app.get("/", (req, res) => {
  const authorizationUri = client.authorizeURL({
    redirect_uri: REDIRECT_URI,
    scope: "openid offline",
  })

  res.redirect(authorizationUri)
})

app.get("/callback", async (req, res) => {
  const { code } = req.query

  try {
    const accessToken = await client.getToken({
      code,
      redirect_uri: process.env.REDIRECT_URI,
      scope: "openid offline",
    })

    res.json(accessToken.token)
  } catch (error) {
    res.status(500).json({ error: error.message })
  }
})