Hey everyone, question regarding Hydra. I configured Kratos for user identity (login, register, recover, ...) and now finished implementing Hydra to use OAuth2.0 and OIDC capabilities in localhost. My frontend requires the hydra_admin url to talk with the consent and login endpoints. What are the recommendations when moving to a real environment (dev, staging, prod, ..) to contact the hydra_admin api? Should I create an api on top of Hydra or consider using a proxy such as Oathkeeper to manage that? Thanks
01/11/2022, 11:27 AM
Hey Deniz, I dont have much experience with Hydra in production, but maybe this document could help:
You should put the admin API behind some gateway for sure. Oathkeeper can be used, but there is probably many other solutions.