To connect Dolibarr to Ory Hydra using OIDC (OpenID Connect), you need to configure Dolibarr as an OIDC client and Ory Hydra as the OIDC provider. While the knowledge sources do not provide a Dolibarr-specific guide, they do outline the general steps for integrating any application with Ory Hydra via OIDC. Here’s a general approach based on the available documentation: 1. Set up Ory Hydra as your OIDC Provider - Deploy Ory Hydra and ensure it is running and accessible. - Create an OAuth2/OIDC client in Hydra for Dolibarr. This involves specifying redirect URIs and allowed scopes. You can do this using the Hydra CLI or API. For example:

hydra create client \        --endpoint <http://127.0.0.1:4445/> \        --grant-type authorization_code,refresh_token \        --response-type code \        --scope openid,offline,email \        --redirect-uri <https://your-dolibarr-instance.com/oidc/callback>

- Note the generated Client ID, Client Secret, and the Issuer URL (e.g., `http://127.0.0.1:4444/`) [see: Introduction to Ory Hydra OAuth2](https://www.ory.sh/docs/oauth2-oidc), [Hydra API Reference](https://www.ory.sh/docs/hydra/reference/api). 2. Configure Dolibarr as an OIDC Client - In Dolibarr, locate the OIDC or OAuth2 authentication module (if available). - Enter the following details: - Client ID: From the Hydra client you created. - Client Secret: From the Hydra client you created. - Issuer/Discovery URL:

http://<hydra-public-endpoint>/.well-known/openid-configuration

- Redirect URI: The callback URL Dolibarr expects after authentication (must match what you set in Hydra). - Set the required scopes, typically

openid

,

email

, and any others needed. 3. Test the Integration - Attempt to log in to Dolibarr using the OIDC login option. - You should be redirected to Hydra’s login/consent flow, and upon successful authentication, redirected back to Dolibarr. Note: - Ensure that both Dolibarr and Hydra are accessible to each other (network/firewall). - If Dolibarr does not natively support OIDC, you may need to use a plugin or middleware that enables OIDC authentication. The knowledge sources do not provide Dolibarr-specific configuration steps, so you may need to consult Dolibarr’s documentation for details on enabling OIDC login. However, the process above follows the standard OIDC integration pattern as described for other clients in the Ory documentation [Connecting a project to the SSO provider](https://www.ory.sh/docs/kratos/social-signin/ory#connecting-a-project-to-the-sso-provider), [Hydra API Reference](https://www.ory.sh/docs/hydra/reference/api). If you need more Dolibarr-specific guidance, please refer to Dolibarr’s own documentation or community.