Introduction

OAuth2 is the industry-standard protocol that enables secure machine-to-machine communication and grants limited access to data and services on behalf of users. OpenID Connect, built on top of OAuth2, is required to become a social sign-in provider.

Ory OAuth2 and OpenID Connect, built on top of the widely deployed open-source Ory Hydra Federation Server, is available out of the box in the Ory Network and is the perfect solution for securely connecting users, applications, and services. Whether you need single sign-on (SSO), mobile and third-party application authorization, API access management, server-to-server communication, or federated identity, you can find a solution based on Ory OAuth2 and OpenID Connect.

Features

Ory OAuth2 and OpenID Connect comes with a range of features that make it the ideal solution for securely connecting users, applications, and services.

Certified OpenID Connect implementation

Ory OAuth2 and OpenID Connect is a Certified OpenID Connect Implementation that meets all requirements set by the OpenID Foundation. You can trust Ory OAuth2 and OpenID Connect to meet the highest standards of security and reliability.

Flexible user management

Ory OAuth2 and OpenID Connect is connected to Ory Identities by default, but unlike many other OAuth2 service providers, Ory's service is a headless API that doesn't force you to use a specific user management system. This means that Ory OAuth2 and OpenID Connect is the perfect fit if you want to become an OAuth2 provider and already have an existing user management system.

Low latency

Ory OAuth2 and OpenID Connect is optimized for low latency, ensuring that your applications can authenticate users and access resources as quickly as possible. This is especially important for high-traffic applications or those that require real-time data access.

Global deployment

Ory OAuth2 and OpenID Connect is deployed in data centers around the world, ensuring that your applications can access the service with minimal latency from anywhere in the world. With global deployment, you can easily serve users in multiple regions and meet data sovereignty requirements.

Security-first architecture

Ory OAuth2 and OpenID Connect has a security-first architecture that neutralizes common attack vectors, as well as numerous less exploited security risks. The architecture and workflows are designed to meet the highest security standards and comply with industry best practices.

Cryptographic key storage

In addition to OAuth2 functionality, Ory OAuth2 and OpenID Connect offers safe storage for cryptographic keys that can be used, for example, to sign JSON Web Tokens.

Benefits

Ory OAuth2 and OpenID Connect provides a number of key benefits that make it the ideal choice for securely connecting users, applications, and services. With Ory OAuth2 and OpenID Connect, you can:

  • Reduce development time: With Ory OAuth2 and OpenID Connect, you can get up and running quickly with a fully featured OAuth2 and OpenID Connect provider that meets all industry standards and covers a wide range of use cases.
  • Ensure regulatory compliance: Ory OAuth2 and OpenID Connect is designed to comply with the latest security standards and regulatory requirements, making it easy to meet your compliance needs.
  • Improve user experience: With support for SSO and mobile authentication, Ory OAuth2 and OpenID Connect makes it easy for users to access your applications securely and quickly.
  • Scale with ease: Ory OAuth2 and OpenID Connect is built on a cloud-native architecture that makes it easy to deploy and scale the service to meet your needs, whether you're serving thousands or millions of users.
  • Minimize security risks: Ory OAuth2 and OpenID Connect's security-first architecture and cryptographic key storage help minimize security risks, ensuring that your users and data are protected from unauthorized access and malicious attacks.

Use cases

Ory OAuth2 and OpenID Connect can be used for a wide range of use cases, including:

  • Single sign-on (SSO): Allow users to authenticate with a single set of credentials across multiple applications, eliminating the need for multiple logins.
  • Mobile and third-party application authorization: Enable applications to request authorization to access resources on behalf of users. This lets users give apps limited access to their resources without sharing their credentials.
  • API access management: Use OAuth2 to verify the identity of clients that try to access APIs and enforce appropriate access control policies based on this identification.
  • Server-to-server communication: Authorize communication between servers without a user present.
  • Federated identity: Become an identity provider, authenticate users, and provide access to applications just like Google, Facebook, or GitHub.

Next steps

See the Ory Network OAuth2 quickstart guide to learn how to set up your own OAuth2 and OpenID Connect provider in just a few minutes. The guide walks you through the process of setting up Ory OAuth2 and OpenID Connect and configuring a sample application to use the service.