whatisgithub

What is hydra?

ory/hydra — explained in plain English

Analysis updated 2026-06-24

17,132GoAudience · developerComplexity · 4/5Setup · hard

In one sentence

Ory Hydra is an open-source OAuth 2.0 and OpenID Connect server that handles token issuance, client management, and single sign-on without managing users itself, you wire it to your own login UI and identity store.

Mindmap

mindmap
  root((ory/hydra))
    What it does
      OAuth2 server
      OpenID Connect
      Token issuance
      JWKS key management
    How it works
      No built-in users
      Delegate login UI
      Protocol handling
      Client management
    Deployment
      Docker
      Kubernetes
      PostgreSQL
      MySQL
    Use Cases
      Single sign-on
      API access tokens
      Identity provider
      Third-party login
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Add single sign-on across multiple apps in your company without writing OAuth2 from scratch.

USE CASE 2

Issue and validate API access tokens for your own developer platform or SaaS product.

USE CASE 3

Build an identity provider that lets third-party apps log in with your platform's accounts.

USE CASE 4

Replace a paid identity service by self-hosting Hydra on Kubernetes with PostgreSQL or MySQL.

What is it built with?

GoPostgreSQLMySQLCockroachDBDockerKubernetes

How does it compare?

ory/hydrajulienschmidt/httprouterent/ent
Stars17,13217,11517,071
LanguageGoGoGo
Setup difficultyhardeasymoderate
Complexity4/52/53/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires a separate database (PostgreSQL, MySQL, or CockroachDB) and you must build and connect your own login and consent UI.

So what is it?

Ory Hydra is an open-source server that handles OAuth 2.0 and OpenID Connect for your applications. OAuth 2.0 is the standard protocol behind "Sign in with Google" style buttons and API access tokens, OpenID Connect is the identity layer built on top of it. Setting these protocols up correctly from scratch is notoriously error-prone, so Hydra packages the whole surface into a single service. A key design choice is that Hydra deliberately does not manage users itself. There are no built-in login forms, password databases, or signup flows. Instead, Hydra delegates the login and consent screens to a separate login and consent app that you supply, which talks to whatever identity store you already have, such as Ory Kratos or an existing in-house user system. This gives you complete control over the user interface while Hydra handles the protocol details, token issuance and validation, client management, and JWKS key management. Hydra is OpenID Foundation certified for several OpenID profiles, implements many OAuth 2.0 RFCs including token revocation, introspection, PKCE, and dynamic client registration, and is built for low latency and high throughput at large scale. The codebase is written in Go. You can run Hydra as a managed service on the Ory Network, or self-host it on Linux, macOS, Windows, or Docker, backed by PostgreSQL, MySQL, or CockroachDB, and deploy to Kubernetes for orchestration. You would reach for Hydra when you need to act as an OAuth2 or OIDC identity provider yourself, for example to power single sign-on across multiple apps or to issue API access tokens, without writing the protocol from scratch.

Copy-paste prompts

Prompt 1
I want to set up Ory Hydra so my web app can let users log in via OAuth2. Show me the minimal Docker Compose setup for Hydra with PostgreSQL and a simple login/consent app.
Prompt 2
How do I register an OAuth2 client in Ory Hydra using the admin API and then use it to get an access token with the authorization code flow?
Prompt 3
Walk me through how the login and consent flow works in Ory Hydra, what endpoints my consent app needs to implement and what tokens Hydra returns.
Prompt 4
Help me deploy Ory Hydra on Kubernetes with MySQL, including the Helm chart config and how to set up HTTPS.
Prompt 5
Show me how to validate an access token issued by Ory Hydra from my backend service using the token introspection endpoint.

Frequently asked questions

What is hydra?

Ory Hydra is an open-source OAuth 2.0 and OpenID Connect server that handles token issuance, client management, and single sign-on without managing users itself, you wire it to your own login UI and identity store.

What language is hydra written in?

Mainly Go. The stack also includes Go, PostgreSQL, MySQL.

How hard is hydra to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is hydra for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.