To configure Ory Kratos to use Ory Hydra as the OAuth2 provider, you need to set the

oauth2_provider.url

field in your Kratos configuration file to point to the administrative API endpoint of your Hydra instance (typically

<http://hydra:4445>

if running in Docker Compose, or

<http://127.0.0.1:4445>

if running locally). This enables Kratos to handle the

login_challenge

and related parameters for OAuth2/OpenID Connect flows. Here is an example snippet for your Kratos config file:

yaml oauth2_provider:   url: <http://hydra:4445>   # Optionally, you can add headers if needed, for example:   # headers:   #   Authorization: Bearer some-token   override_return_to: true

- The

url

should point to the Hydra admin endpoint. - The

override_return_to

option can be set to

true

if you want Kratos to override the return URL after login/registration. - If your Hydra admin API requires authentication, you can set the

headers

field as shown above. This configuration allows Kratos to integrate with Hydra for OAuth2/OpenID Connect flows, handling the

login_challenge

parameter as required. Make sure your Hydra instance is accessible from Kratos at the specified URL. You can see this configuration in use in real-world setups and GitHub issues, for example:

yaml oauth2_provider:   url: <http://hydra:4445>   headers:     Authorization: Bearer some-token   override_return_to: true

[See example in GitHub issue](https://github.com/ory/kratos/issues/4024)

Yes, the

oauth2_provider.url

configuration option is available in self-hosted versions of Ory Kratos. This is evident from configuration examples and documentation for self-hosted Kratos, where the option is used to integrate with Ory Hydra as the OAuth2 provider. The configuration allows Kratos to handle OAuth2/OpenID Connect flows by pointing to the Hydra admin endpoint. You can see this option in use in self-hosted configuration samples, such as in the referenced GitHub issue, which demonstrates a self-hosted setup using this field:

yaml oauth2_provider:   url: <http://hydra:4445>   override_return_to: true

This confirms that the option is supported in self-hosted deployments of Ory Kratos [Registration flow doesn't return to consent flow after verification via ajax api when using with kratos+hydra](https://github.com/ory/kratos/issues/4233).