Skip to content
Today, we are very excited to announce the stable release of ORY Hydra 1.9! This release contains significant internal code refactoring, making ORY Hydra more reliable, lightweight, and even more scalable! Also, for the first time ever, **ORY Hydra handled over 13.3 billion API requests in December 2020** in over **23.000 production environments** around the globe.

Let's talk features - in a TL;DR overview:

- Completely replacing the existing DBAL and switching to gobuffalo/pop.
- Support for SQLite, an embedded database, which can be used for testing and tiny deployments.
- Deprecating the existing configuration system [spf13/viper](https://github.com/spf13/viper) and moving to [knadh/koanf](https://github.com/knadh/koanf).
- Adding OpenID Connect Conformity Test Suite to the CI, guaranteeing that every code change is fully OpenID Connect compliant.
- Support for the OpenID Connect `response_mode=form_post` Response Mode.
- Compatibility with MITREid, allowing [easy migration from MITREid to ORY Hydra](https://www.ory.sh/hydra/docs/next/guides/migrating-from-MITREid).
- The TypeScript SDK moved from **@oryd/hydra-client to @ory/hydra-client**. Please update your dependencies!

If you wish to get into ORY Hydra, check out the new YouTube tutorial:

[![ORY Hydra YouTube Quickstart Tutorial](https://raw.githubusercontent.com/ory/web/master/static/images/newsletter/hydra-1.9.0/YouTube-tutorial-hydra-preview.png)](https://www.youtube.com/watch?v=tlO9p2E501A)

*See you on [slack](https://slack.ory.sh), signed [HACKERMAN](https://github.com/aeneasr).*

**ORY Kratos**

We would like to take a bit of your time and introduce you to [ORY Kratos](https://github.com/ory/kratos). ORY Kratos implements all the hard things related to users: [login](https://www.ory.sh/kratos/docs/self-service/flows/user-login), [registration](https://www.ory.sh/kratos/docs/self-service/flows/user-registration), [customizable profile fields](https://www.ory.sh/kratos/docs/concepts/identity-data-model/), [multi-factor authentication scheduled for v0.6](https://www.ory.sh/kratos/docs/self-service/flows/2fa-mfa-multi-factor-authentication), [secure account recovery](https://www.ory.sh/kratos/docs/self-service/flows/account-recovery), [email and SMS verification](https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation), [profile management](https://www.ory.sh/kratos/docs/self-service/flows/user-settings), [session and device management](https://github.com/ory/kratos/issues/655), [user administration](https://www.ory.sh/kratos/docs/admin/managing-users-identities), [social sign in and sign up](https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2/), and much, much more! Everything works with proven and ORY-hardened protocols in the same lightweight fashion you are used to from our other products. And it natively targets mobile, desktop, web, and robots! [ORY Kratos](https://github.com/ory/kratos) is essentially an open-source alternative to Auth0, Okta, and Google Firebase with the added benefit of avoiding the complexity of implementing OAuth2 and OpenID Connect for your first-party apps just to get login to work. So if you are wondering [**whether you really need OAuth2**](https://www.ory.sh/hydra/docs/concepts/before-oauth2), this is worth your time!

To get a feeling for ORY Kratos, check out our exemplary React Native app (available on [GitHub](https://github.com/ory/kratos-selfservice-ui-react-native), [Android](https://play.google.com/store/apps/details?id=com.ory.kratos_self_service_ui_react_native&hl=en&gl=US) and [iOS](https://apps.apple.com/de/app/ory-profile-app/id1536546333)) demonstrating user registration, login, and profile management. It uses APIs from ORY Cloud, which will be publicly announced this year. If you are interested in becoming an early adopter, [get in touch now](mailto:jared@ory.sh)! We have more super exciting stuff planned!

![ORY Kratos User Data Screen for Mobile Applications](https://raw.githubusercontent.com/ory/web/master/static/images/newsletter/kratos-0.5.0/welcome-screen.png)

**Changes in-depth**

Let's break down the most significant changes in more detail:

**The configuration system has been reworked**

1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema. This makes changing or updating configuration much easier.
2. Configuration reloading is improved and works on Kubernetes.
3. Performance gains remove the need for a cache layer between the configuration system and ORY Hydra.
4. Loading of several config files is now possible using the `--config` flag.
5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.

Please be aware that deprecated configuration flags have been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration due to a significantly improved validation process.

**The [OpenID Connect Conformity Test Suite](https://gitlab.com/openid/conformance-suite) is now part of the ORY Hydra CI pipeline.**

This means every PR and change will be checked for OpenID Connect Compliance. As part of these tests, we uncovered some regression issues which have since been resolved. Please be aware that fields `error_hint` and `error_debug` will no longer be sent. You can re-enable those legacy fields by setting `oauth2.include_legacy_error_fields` to `true`.

**Supporting `response_mode=form_post`**

Support OpenID Connect flows `response_mode=form_post` was added and has been tested with the OpenID Connect Conformity Test Suite, making it ready for production.

**Compatibility with MITREid**

Adds an option that allows granting the OAuth2 Client's authorized scope when performing a `client_credentials` flow without specifying a scope. This enables compatibility with MITREid and allows [migrating from MITREid to ORY Hydra](https://www.ory.sh/hydra/docs/next/guides/migrating-from-MITREid).

**Refactoring the internal DBAL**

We completely refactored the internal database abstraction layer (DBAL). We have been using [gobuffalo/pop](https://github.com/gobuffalo/pop) successfully in [ORY Kratos](https://github.com/ory/kratos) and decided to move the ORY Hydra DBAL to [gobuffalo/pop](https://github.com/gobuffalo/pop) as well. As part of this refactoring, ORY Hydra now supports SQLite for both in-memory as well as on-disk databases, de-duplicating the codebase and allowing for quick and easy persistence in test environments.