Skip to main content

Managing OAuth 2.0 clients

You can manage OAuth 2.0 clients using the CLI or the HTTP REST API:

  • CLI: hydra help clients
  • REST: Read the API Docs

Authorize Code Flow with Refresh Token

The following command creates an OAuth 2.0 Client capable of executing the Authorize Code Flow, requesting ID and Refresh Tokens and performing the OAuth 2.0 Refresh Grant:

hydra create client \
--endpoint http://ory-hydra:4445 \
--grant-type authorization_code,refresh_token \
--response-type code \
--scope openid,offline \

The OAuth 2.0 Client will be allowed to use values and as redirect_url.

It's expected that the OAuth 2.0 Client sends its credentials using HTTP Basic Authorization.

If you wish to send credentials in the POST Body, add the following flag to the command above:

    --token-endpoint-auth-method client_secret_post \

The same can be achieved by setting "token_endpoint_auth_method": "client_secret_post" in the request body of POST /clients and PUT /clients/<id>.

Client credentials flow

A client only capable of performing the Client Credentials Flow can be created as follows:

hydra create client \
--endpoint http://ory-hydra:4445 \
-g client_credentials