ory/hydra-sdk
Composer 安装命令:
composer require ory/hydra-sdk
包简介
ORY Hydra SDK
README 文档
README
Chat · Discussions · Newsletter · Docs · Try Ory Network · Jobs
Ory Hydra is a hardened, OpenID Certified OAuth 2.0 Server and OpenID Connect Provider optimized for low-latency, high throughput, and low resource consumption. It connects to your existing identity provider through a login and consent app, giving you absolute control over the user interface and experience.
- What is Ory Hydra?
- Deployment options
- Quickstart
- Who is using Ory Hydra
- Ecosystem
- Documentation
- Developing Ory Hydra
- Security
- Telemetry
- Libraries and third-party projects
What is Ory Hydra?
Ory Hydra is a server implementation of the OAuth 2.0 authorization framework and the OpenID Connect Core 1.0. It follows cloud architecture best practices and focuses on:
- OAuth 2.0 and OpenID Connect flows
- Token issuance and validation
- Client management
- Consent and login flow orchestration
- JWKS management
- Low latency and high throughput
We recommend starting with the Ory Hydra introduction docs to learn more about its architecture, feature set, and how it compares to other systems.
Why Ory Hydra
Ory Hydra is designed to:
- Be a standalone OAuth 2.0 and OpenID Connect server without user management
- Connect to any existing identity provider through a login and consent app
- Give you absolute control over the user interface and experience flows
- Work with any authentication endpoint: Ory Kratos, authboss, User Frosting, or your proprietary system
- Scale to large numbers of clients and tokens
- Fit into modern cloud native environments such as Kubernetes and managed platforms
OAuth2 and OpenID Connect: Open Standards
Ory Hydra implements Open Standards set by the IETF:
- The OAuth 2.0 Authorization Framework
- OAuth 2.0 Threat Model and Security Considerations
- OAuth 2.0 Token Revocation
- OAuth 2.0 Token Introspection
- OAuth 2.0 for Native Apps
- OAuth 2.0 Dynamic Client Registration Protocol
- OAuth 2.0 Dynamic Client Registration Management Protocol
- Proof Key for Code Exchange by OAuth Public Clients
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
and the OpenID Foundation:
- OpenID Connect Core 1.0
- OpenID Connect Discovery 1.0
- OpenID Connect Dynamic Client Registration 1.0
- OpenID Connect Front-Channel Logout 1.0
- OpenID Connect Back-Channel Logout 1.0
OpenID Connect Certified
Ory Hydra is an OpenID Foundation certified OpenID Provider (OP).
The following OpenID profiles are certified:
- Basic OpenID Provider
(response types
code) - Implicit OpenID Provider
(response types
id_token,id_token+token) - Hybrid OpenID Provider
(response types
code+id_token,code+id_token+token,code+token) - OpenID Provider Publishing Configuration Information
- Dynamic OpenID Provider
To obtain certification, we deployed the reference user login and consent app (unmodified) and Ory Hydra v1.0.0.
Deployment options
You can run Ory Hydra in two main ways:
- As a managed service on the Ory Network
- As a self hosted service under your own control, with or without the Ory Enterprise License
Use Ory Hydra on the Ory Network
The Ory Network is the fastest way to use Ory services in production. Ory OAuth2 & OpenID Connect is powered by the open source Ory Hydra server and is API compatible.
The Ory Network provides:
- OAuth2 and OpenID Connect for single sign on, API access, and machine to machine authorization
- Identity and credential management that scales to billions of users and devices
- Registration, login, and account management flows for passkeys, biometrics, social login, SSO, and multi factor authentication
- Prebuilt login, registration, and account management pages and components
- Low latency permission checks based on the Zanzibar model with the Ory Permission Language
- GDPR friendly storage with data locality and compliance in mind
- Web based Ory Console and Ory CLI for administration and operations
- Cloud native APIs compatible with the open source servers
- Fair, usage based pricing
Sign up for a free developer account to get started.
Self-host Ory Hydra
You can run Ory Hydra yourself for full control over infrastructure, deployment, and customization.
The install guide explains how to:
- Install Hydra on Linux, macOS, Windows, and Docker
- Configure databases such as PostgreSQL, MySQL, and CockroachDB
- Deploy to Kubernetes and other orchestration systems
- Build Hydra from source
This guide uses the open source distribution to get you started without license requirements. It is a great fit for individuals, researchers, hackers, and companies that want to experiment, prototype, or run unimportant workloads without SLAs. You get the full core engine, and you are free to inspect, extend, and build it from source.
If you run Hydra as part of a business-critical system, for example OAuth2 and OpenID Connect for all your users, you should use a commercial agreement to reduce operational and security risk. The Ory Enterprise License (OEL) layers on top of self-hosted Hydra and provides:
- Additional enterprise features that are not available in the open source version
- Regular security releases, including CVE patches, with service level agreements
- Support for advanced scaling, multi-tenancy, and complex deployments
- Premium support options with SLAs, direct access to engineers, and onboarding help
- Access to a private Docker registry with frequent and vetted, up-to-date enterprise builds
For guaranteed CVE fixes, current enterprise builds, advanced features, and support in production, you need a valid Ory Enterprise License and access to the Ory Enterprise Docker registry. To learn more, contact the Ory team.
Quickstart
Install the Ory CLI and create a new project to try Ory OAuth2 & OpenID Connect.
# Install the Ory CLI if you do not have it yet: bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -b . ory sudo mv ./ory /usr/local/bin/ # Sign in or sign up ory auth # Create a new project ory create project --create-workspace "Ory Open Source" --name "GitHub Quickstart" --use-project
Try out the OAuth 2.0 Client Credentials flow:
ory create oauth2-client \
--name "Client Credentials Demo" \
--grant-type client_credentials
# Note the client ID and secret from output
ory perform client-credentials \
--client-id <your-client-id> \
--client-secret <your-client-secret>
# Note the access token from output
ory introspect token <your-access-token>
Try out the OAuth 2.0 Authorize Code + OpenID Connect flow:
ory create oauth2-client \
--name "Authorize Code with OpenID Connect Demo" \
--grant-type authorization_code,refresh_token \
--response-type code \
--redirect-uri http://127.0.0.1:4446/callback
ory perform authorization-code \
--client-id <your-client-id> \
--client-secret <your-client-secret>
Who is using Ory Hydra
The Ory community stands on the shoulders of individuals, companies, and maintainers. The Ory team thanks everyone involved - from submitting bug reports and feature requests, to contributing patches and documentation. The Ory community counts more than 50.000 members and is growing. The Ory stack protects 7.000.000.000+ API requests every day across thousands of companies. None of this would have been possible without each and everyone of you!
The following list represents companies that have accompanied us along the way and that have made outstanding contributions to our ecosystem. If you think that your company deserves a spot here, reach out to office@ory.com now!
| Name | Logo | Website | Case Study |
|---|---|---|---|
| OpenAI |
|
openai.com | OpenAI Case Study |
| Fandom |
|
fandom.com | Fandom Case Study |
| Lumin |
|
luminpdf.com | Lumin Case Study |
| Sencrop |
|
sencrop.com | Sencrop Case Study |
| OSINT Industries |
|
osint.industries | OSINT Industries Case Study |
| HGV |
|
hgv.it | HGV Case Study |
| Maxroll |
|
maxroll.gg | Maxroll Case Study |
| Zezam |
|
zezam.io | Zezam Case Study |
| T.RowePrice |
|
troweprice.com | |
| Mistral |
|
mistral.ai | |
| Axel Springer |
|
axelspringer.com | |
| Hemnet |
|
hemnet.se | |
| Cisco |
|
cisco.com | |
| Presidencia de la República Dominicana |
|
presidencia.gob.do | |
| Moonpig |
|
moonpig.com | |
| Booster |
|
choosebooster.com | |
| Zaptec |
|
zaptec.com | |
| Klarna |
|
klarna.com | |
| Raspberry PI Foundation |
|
raspberrypi.org | |
| Tulip |
|
tulip.com | |
| Hootsuite |
|
hootsuite.com | |
| Segment |
|
segment.com | |
| Arduino |
|
arduino.cc | |
| Sainsbury's |
|
sainsburys.co.uk | |
| Contraste |
|
contraste.com | |
| inMusic |
|
inmusicbrands.com | |
| Buhta |
|
buhta.com | |
| Amplitude |
|
amplitude.com | |
Many thanks to all individual contributors
Ecosystem
We build Ory on several guiding principles when it comes to our architecture design:
- Minimal dependencies
- Runs everywhere
- Scales without effort
- Minimize room for human and network errors
Ory's architecture is designed to run best on a Container Orchestration system such as Kubernetes, CloudFoundry, OpenShift, and similar projects. Binaries are small (5-15MB) and available for all popular processor types (ARM, AMD64, i386) and operating systems (FreeBSD, Linux, macOS, Windows) without system dependencies (Java, Node, Ruby, libxml, ...).
Ory Kratos: Identity and User Infrastructure and Management
Ory Kratos is an API-first Identity and User Management system that is built according to cloud architecture best practices. It implements core use cases that almost every software application needs to deal with: Self-service Login and Registration, Multi-Factor Authentication (MFA/2FA), Account Recovery and Verification, Profile, and Account Management.
Ory Hydra: OAuth2 & OpenID Connect Server
Ory Hydra is an OpenID Certified™ OAuth2 and OpenID Connect Provider which easily connects to any existing identity system by writing a tiny "bridge" application. It gives absolute control over the user interface and user experience flows.
Ory Oathkeeper: Identity & Access Proxy
Ory Oathkeeper is a BeyondCorp/Zero Trust
Identity & Access Proxy (IAP) with configurable authentication, authorization,
and request mutation rules for your web services: Authenticate JWT, Access
Tokens, API Keys, mTLS; Check if the contained subject is allowed to perform the
request; Encode resulting content into custom headers (X-User-ID), JSON Web
Tokens and more!
Ory Keto: Access Control Policies as a Server
Ory Keto is a policy decision point. It uses a set of access control policies, similar to AWS IAM Policies, in order to determine whether a subject (user, application, service, car, ...) is authorized to perform a certain action on a resource.
Documentation
The full Ory Hydra documentation is available at www.ory.com/docs/hydra, including:
- Installation guides
- Configuration reference
- HTTP API documentation
- Security architecture
- Performance benchmarks
For upgrading and changelogs, check releases tab and CHANGELOG.md.
Developing Ory Hydra
See DEVELOP.md for information on:
- Contribution guidelines
- Prerequisites
- Install from source
- Running tests
- Build Docker image
- Preview API documentation
Security
OAuth2 and OAuth2 related specifications are over 400 written pages. Implementing OAuth2 is easy, getting it right is hard. Ory Hydra is trusted by companies all around the world, has a vibrant community and faces millions of requests in production each day. Read the security guide for more details on cryptography and security concepts.
Disclosing vulnerabilities
If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub. You can find all info for responsible disclosure in our security.txt.
Telemetry
Our services collect summarized, anonymized data that can optionally be turned off. Click here to learn more.
Libraries and third-party projects
Official:
Community:
Developer Blog:
- Visit the Ory Blog for guides, tutorials and articles around Ory Hydra and the Ory ecosystem.
ory/hydra-sdk 适用场景与选型建议
ory/hydra-sdk 是一款 基于 Go 开发的 Composer 扩展包,目前已累计 47.17k 次下载、GitHub Stars 达 17.22k, 最近一次更新时间为 2018 年 01 月 08 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「php」 「api」 「sdk」 「swagger」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 ory/hydra-sdk 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 ory/hydra-sdk 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 ory/hydra-sdk 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A PSR-7 compatible library for making CRUD API endpoints
Alfabank REST API integration
Zero-dependency raw PHP DNS resolver, domain-ownership verification, and intoDNS/MxToolbox-style diagnostics. Queries authoritative nameservers directly over sockets — never trusts the recursive cache for ownership checks.
A lightweight plain-PHP framework for database-backed CRUD APIs.
bughq error tracking - PHP SDK
ABsurge PHP SDK for feature flags and A/B testing
统计信息
- 总下载量: 47.17k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 17219
- 点击次数: 3
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: Apache-2.0
- 更新时间: 2018-01-08
