Run your own OAuth2 server

In this guide, you will set up a hardened, fully functional OAuth 2.0 (OAuth2) server. It will take you about ~15 minutes. This guide is for you, if you are looking to do something like in the gif on the right, or more specifically:

  • You want to use OAuth2 for API security.
  • You want to open up your API to third party developers like Dropbox, or GitHub.
  • You want to become and identity provider like GoogleFacebook, or Twitter.
  • You need to federate (delegate) authentication or authorization.

We will use ORY Hydra (open source), a security-first OAuth2 and OpenID Connect server written in Golang.

https://www.ory.am/run-oauth2-server-open-source-api-security.html?

Hydra – Run your own enteprise-grade IAM service with OAuth2 capabilities in less than 2 minutes

At first, there was the monolith. The monolith worked well with the bespoke authentication module. Then, the web evolved into an elastic cloud that serves thousands of different user agents in every part of the world.

Hydra is driven by the need for a scalable, low-latency, in memory Access Control, OAuth2, and OpenID Connect layerthat integrates with every identity provider you can imagine.

Hydra is available through Docker and relies on RethinkDB for persistence. Database drivers are extensible, in case you want to use RabbitMQ, MySQL, MongoDB, or some other database instead.

http://www.ory.am/hydra
https://github.com/ory-am/hydra