Skip to main content

Creating OAuth 2.0 Clients

You can manage OAuth 2.0 clients using the cli or the HTTP REST API:

  • CLI: hydra help clients
  • REST: Read the API Docs

Authorize Code Flow with Refresh Token

The following command creates an OAuth 2.0 Client capable of executing the Authorize Code Flow, requesting ID and Refresh Tokens and performing the OAuth 2.0 Refresh Grant:

hydra clients create \
--endpoint http://ory-hydra:4445 \
--id client-id \
--secret client-secret \
--grant-types authorization_code,refresh_token \
--response-types code \
--scope openid,offline \
--callbacks http://my-app.com/callback,http://my-other-app.com/callback

The OAuth 2.0 Client will be allowed to use values http://my-app.com/callback and http://my-other-app.com/callback as redirect_url.

It's expected that the OAuth 2.0 Client sends its credentials using HTTP Basic Authorization.

If you wish to send credentials in the POST Body, add the following flag to the command above:

    --token-endpoint-auth-method client_secret_post \

The same can be achieved by setting "token_endpoint_auth_method": "client_secret_post" in the request body of POST /clients and PUT /clients/<id>.

Client Credentials Flow

A client only capable of performing the Client Credentials Flow can be created as follows:

hydra clients create \
--endpoint http://ory-hydra:4445 \
--id my-client \
--secret secret \
-g client_credentials