Skip to main content
Version: v1.8

hydra clients create

hydra clients create

Create a new OAuth 2.0 Client


This command creates an OAuth 2.0 Client which can be used to perform various OAuth 2.0 Flows like the Authorize Code, Implicit, Refresh flow.

ORY Hydra implements the OpenID Connect Dynamic Client registration specification. Most flags are supported by this command as well.

Example: hydra clients create -n "my app" -c http://localhost/cb -g authorization_code -r code -a core,foobar

To encrypt auto generated client secret, use "--pgp-key", "--pgp-key-url" or "--keybase" flag, for example: hydra clients create -n "my app" -g client_credentials -r token -a core,foobar --keybase keybase_username

hydra clients create [flags]


      --allowed-cors-origins strings        The list of URLs allowed to make CORS requests. Requires CORS_ENABLED.
--audience strings The audience this client is allowed to request
-c, --callbacks strings REQUIRED list of allowed callback URLs
--client-uri string A URL string of a web page providing information about the client
-g, --grant-types strings A list of allowed grant types (default [authorization_code])
-h, --help help for create
--id string Give the client this id
--jwks-uri string Define the URL where the JSON Web Key Set should be fetched from when performing the "private_key_jwt" client authentication method
--keybase string Keybase username for encrypting client secret
--logo-uri string A URL string that references a logo for the client
-n, --name string The client's name
--pgp-key string Base64 encoded PGP encryption key for encrypting client secret
--pgp-key-url string PGP encryption key URL for encrypting client secret
--policy-uri string A URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data
--post-logout-callbacks strings List of allowed URLs to be redirected to after a logout
-r, --response-types strings A list of allowed response types (default [code])
-a, --scope strings The scope the client is allowed to request
--secret string Provide the client's secret
--subject-type string A identifier algorithm. Valid values are "public" and "pairwise" (default "public")
--token-endpoint-auth-method string Define which authentication method the client may use at the Token Endpoint. Valid values are "client_secret_post", "client_secret_basic", "private_key_jwt", and "none" (default "client_secret_basic")
--tos-uri string A URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client

Options inherited from parent commands

      --access-token string    Set an access token to be used in the Authorization header, defaults to environment variable OAUTH2_ACCESS_TOKEN
--config string Config file (default is $HOME/.hydra.yaml)
--endpoint string Set the URL where ORY Hydra is hosted, defaults to environment variable HYDRA_ADMIN_URL. A unix socket can be set in the form unix:///path/to/socket
--fail-after duration Stop retrying after the specified duration (default 1m0s)
--fake-tls-termination Fake tls termination by adding "X-Forwarded-Proto: https" to http headers
--skip-tls-verify Foolishly accept TLS certificates signed by unkown certificate authorities