arrow-left Back to announcements
DATE:
AUTHOR:
Ory Team
Ory Hydra

Ory Hydra v2.0.0

DATE:
AUTHOR: Ory Team

Ory Hydra 2.0 is available now! It ships major internal data restructuring and adds support for native integration with Ory Kratos, an open source Identity Server.

What's changed in Ory Hydra 2.0?

  • Ory Identities is now compatible with the Ory OAuth2 Login and Consent Flow. This means, for example, that Ory Kratos can be the login provider for Ory Hydra with a bit of configuration.

  • The Ory Network enables this integration as a default.

  • Ory Hydra 2.0 now natively supports key types such as ES256 for signing ID Tokens and OAuth 2.0 Access Tokens in JWT format.

  • Additionally, the key naming mechanism was updated to conform with industry best practices.

  • Ory Hydra 2.0 ships a complete refactoring of the internal database structure, reducing database storage at scale and optimizing query performance.

  • All primary keys are now UUIDs to avoid hotspots in distributed systems. Please note that as part of this change it is no longer possible to choose the OAuth 2.0 Client ID. Instead, Ory chooses the best-performing ID format for the petabyte scale.

  • Ory chose to denormalize tables that had a negative performance impact due to excessive JOIN statements.

  • Using BCrypt as the primary hashing algorithm for OAuth 2.0 Client Secrets creates excessive CPU consumption at scale. OAuth 2.0 Client Secrets are auto-generated in Ory Hydra 2.x, removing the need for excessive hashing costs.

  • The new PKBDF2 hasher can be fine-tuned to support hashing at scale without a significant threat model impact.

  • This section only applies in scenarios where Ory Hydra is working in a do-it-yourself fashion e.g. on Docker. An Ory Hydra 2.0 compatible service is already available on the Ory Network.

  • The database schema changed significantly from the previous structure. Please be aware that there might be a period where the database tables will be locked for writes while the upgrade runs. A full backup of the database before upgrading is essential! We recommend trying out the upgrade on a copy of a production database first.

Try out Ory Hydra 2.0 on Ory network for free!

Read up on all the details and try out code examples in the Ory Hydra 2.0 Changelog.

Powered by LaunchNotes