PHPackages                             ory/hydra-sdk - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. ory/hydra-sdk

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

ory/hydra-sdk
=============

ORY Hydra SDK

v1.1.1(6y ago)17.4k47.3k↑400%1.6k[104 issues](https://github.com/ory/hydra/issues)[35 PRs](https://github.com/ory/hydra/pulls)Apache-2.0GoPHP &gt;=5.4CI passing

Since Jan 8Pushed 1w ago238 watchersCompare

[ Source](https://github.com/ory/hydra)[ Packagist](https://packagist.org/packages/ory/hydra-sdk)[ Docs](https://github.com/ory/hydra)[ RSS](/packages/ory-hydra-sdk/feed)WikiDiscussions master Synced yesterday

READMEChangelog (10)DependenciesVersions (51)Used By (0)

 [![Ory Hydra - Open Source OAuth 2 and OpenID Connect server](https://raw.githubusercontent.com/ory/meta/master/static/banners/hydra.svg)](https://raw.githubusercontent.com/ory/meta/master/static/banners/hydra.svg)
=======================================================================================================================================================================================================================

[](#--)

####  [Chat](https://www.ory.com/chat) · [Discussions](https://github.com/ory/hydra/discussions) · [Newsletter](https://www.ory.com/l/sign-up-newsletter) · [Docs](https://www.ory.com/docs/) · [Try Ory Network](https://console.ory.sh/) · [Jobs](https://www.ory.com/jobs/)

[](#--chat---discussions---newsletter---docs---try-ory-network---jobs)

Ory Hydra is a hardened, OpenID Certified OAuth 2.0 Server and OpenID Connect Provider optimized for low-latency, high throughput, and low resource consumption. It connects to your existing identity provider through a login and consent app, giving you absolute control over the user interface and experience.

---

- [What is Ory Hydra?](#what-is-ory-hydra)
    - [Why Ory Hydra](#why-ory-hydra)
    - [OAuth2 and OpenID Connect: Open Standards](#oauth2-and-openid-connect-open-standards)
    - [OpenID Connect Certified](#openid-connect-certified)
- [Deployment options](#deployment-options)
    - [Use Ory Hydra on the Ory Network](#use-ory-hydra-on-the-ory-network)
    - [Self-host Ory Hydra](#self-host-ory-hydra)
- [Quickstart](#quickstart)
- [Who is using Ory Hydra](#who-is-using-ory-hydra)
- [Ecosystem](#ecosystem)
    - [Ory Kratos: Identity and User Infrastructure and Management](#ory-kratos-identity-and-user-infrastructure-and-management)
    - [Ory Hydra: OAuth2 &amp; OpenID Connect Server](#ory-hydra-oauth2--openid-connect-server)
    - [Ory Oathkeeper: Identity &amp; Access Proxy](#ory-oathkeeper-identity--access-proxy)
    - [Ory Keto: Access Control Policies as a Server](#ory-keto-access-control-policies-as-a-server)
- [Documentation](#documentation)
- [Developing Ory Hydra](#developing-ory-hydra)
- [Security](#security)
    - [Disclosing vulnerabilities](#disclosing-vulnerabilities)
- [Telemetry](#telemetry)
- [Libraries and third-party projects](#libraries-and-third-party-projects)

What is Ory Hydra?
------------------

[](#what-is-ory-hydra)

Ory Hydra is a server implementation of the OAuth 2.0 authorization framework and the OpenID Connect Core 1.0. It follows [cloud architecture best practices](https://www.ory.com/docs/ecosystem/software-architecture-philosophy)and focuses on:

- OAuth 2.0 and OpenID Connect flows
- Token issuance and validation
- Client management
- Consent and login flow orchestration
- JWKS management
- Low latency and high throughput

We recommend starting with the [Ory Hydra introduction docs](https://www.ory.com/docs/hydra) to learn more about its architecture, feature set, and how it compares to other systems.

### Why Ory Hydra

[](#why-ory-hydra)

Ory Hydra is designed to:

- Be a standalone OAuth 2.0 and OpenID Connect server without user management
- Connect to any existing identity provider through a login and consent app
- Give you absolute control over the user interface and experience flows
- Work with any authentication endpoint: [Ory Kratos](https://github.com/ory/kratos), [authboss](https://github.com/go-authboss/authboss), [User Frosting](https://www.userfrosting.com/), or your proprietary system
- Scale to large numbers of clients and tokens
- Fit into modern cloud native environments such as Kubernetes and managed platforms

### OAuth2 and OpenID Connect: Open Standards

[](#oauth2-and-openid-connect-open-standards)

Ory Hydra implements Open Standards set by the IETF:

- [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
- [OAuth 2.0 Threat Model and Security Considerations](https://tools.ietf.org/html/rfc6819)
- [OAuth 2.0 Token Revocation](https://tools.ietf.org/html/rfc7009)
- [OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
- [OAuth 2.0 for Native Apps](https://tools.ietf.org/html/draft-ietf-oauth-native-apps-10)
- [OAuth 2.0 Dynamic Client Registration Protocol](https://datatracker.ietf.org/doc/html/rfc7591)
- [OAuth 2.0 Dynamic Client Registration Management Protocol](https://datatracker.ietf.org/doc/html/rfc7592)
- [Proof Key for Code Exchange by OAuth Public Clients](https://tools.ietf.org/html/rfc7636)
- [JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants](https://tools.ietf.org/html/rfc7523)

and the OpenID Foundation:

- [OpenID Connect Core 1.0](http://openid.net/specs/openid-connect-core-1_0.html)
- [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html)
- [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html)
- [OpenID Connect Front-Channel Logout 1.0](https://openid.net/specs/openid-connect-frontchannel-1_0.html)
- [OpenID Connect Back-Channel Logout 1.0](https://openid.net/specs/openid-connect-backchannel-1_0.html)

### OpenID Connect Certified

[](#openid-connect-certified)

Ory Hydra is an OpenID Foundation [certified OpenID Provider (OP)](http://openid.net/certification/#OPs).

 [![Ory Hydra is a certified OpenID Providier](https://github.com/ory/docs/raw/master/docs/hydra/images/oidc-cert.png)](https://github.com/ory/docs/blob/master/docs/hydra/images/oidc-cert.png)

The following OpenID profiles are certified:

- [Basic OpenID Provider](http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)(response types `code`)
- [Implicit OpenID Provider](http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)(response types `id_token`, `id_token+token`)
- [Hybrid OpenID Provider](http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth)(response types `code+id_token`, `code+id_token+token`, `code+token`)
- [OpenID Provider Publishing Configuration Information](https://openid.net/specs/openid-connect-discovery-1_0.html)
- [Dynamic OpenID Provider](https://openid.net/specs/openid-connect-registration-1_0.html)

To obtain certification, we deployed the [reference user login and consent app](https://github.com/ory/hydra-login-consent-node)(unmodified) and Ory Hydra v1.0.0.

Deployment options
------------------

[](#deployment-options)

You can run Ory Hydra in two main ways:

- As a managed service on the Ory Network
- As a self hosted service under your own control, with or without the Ory Enterprise License

### Use Ory Hydra on the Ory Network

[](#use-ory-hydra-on-the-ory-network)

The [Ory Network](https://www.ory.com/cloud) is the fastest way to use Ory services in production. **Ory OAuth2 &amp; OpenID Connect** is powered by the open source Ory Hydra server and is API compatible.

The Ory Network provides:

- OAuth2 and OpenID Connect for single sign on, API access, and machine to machine authorization
- Identity and credential management that scales to billions of users and devices
- Registration, login, and account management flows for passkeys, biometrics, social login, SSO, and multi factor authentication
- Prebuilt login, registration, and account management pages and components
- Low latency permission checks based on the Zanzibar model with the Ory Permission Language
- GDPR friendly storage with data locality and compliance in mind
- Web based Ory Console and Ory CLI for administration and operations
- Cloud native APIs compatible with the open source servers
- Fair, usage based [pricing](https://www.ory.com/pricing)

Sign up for a [free developer account](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=hydra-readme)to get started.

### Self-host Ory Hydra

[](#self-host-ory-hydra)

You can run Ory Hydra yourself for full control over infrastructure, deployment, and customization.

The [install guide](https://www.ory.com/docs/hydra/install) explains how to:

- Install Hydra on Linux, macOS, Windows, and Docker
- Configure databases such as PostgreSQL, MySQL, and CockroachDB
- Deploy to Kubernetes and other orchestration systems
- Build Hydra from source

This guide uses the open source distribution to get you started without license requirements. It is a great fit for individuals, researchers, hackers, and companies that want to experiment, prototype, or run unimportant workloads without SLAs. You get the full core engine, and you are free to inspect, extend, and build it from source.

If you run Hydra as part of a business-critical system, for example OAuth2 and OpenID Connect for all your users, you should use a commercial agreement to reduce operational and security risk. The **Ory Enterprise License (OEL)**layers on top of self-hosted Hydra and provides:

- Additional enterprise features that are not available in the open source version
- Regular security releases, including CVE patches, with service level agreements
- Support for advanced scaling, multi-tenancy, and complex deployments
- Premium support options with SLAs, direct access to engineers, and onboarding help
- Access to a private Docker registry with frequent and vetted, up-to-date enterprise builds

For guaranteed CVE fixes, current enterprise builds, advanced features, and support in production, you need a valid [Ory Enterprise License](https://www.ory.com/ory-enterprise-license) and access to the Ory Enterprise Docker registry. To learn more, [contact the Ory team](https://www.ory.com/contact/).

Quickstart
----------

[](#quickstart)

Install the [Ory CLI](https://www.ory.com/docs/guides/cli/installation) and create a new project to try Ory OAuth2 &amp; OpenID Connect.

```
# Install the Ory CLI if you do not have it yet:
bash
