We have been playing around with the ORY/hydra OAuth1/OpenID Connect server and really love it. We are thinking of going to production with this solution. I wanted to reach out to the community and get a feel for how many are using the OAuth2 in production. Any best practices, learnings, etc.?
Thanks a bunch in advance.
Currently, I’m trying to test the Hydra dev environment, and it works well regardless of some SSL certificate problems. I too am thinking of using it in production.
You can read this guide: https://www.ory.sh/hydra/docs/production
And share with me your opinions about the production environment.
Hydra has been used in high-scale prod environments (some of whose logos you can find on our website and in the sponsorship section) for years.
Getting to production doesn’t require a lot of effort, as there is no real distinction between dev and production for Hydra.
SSL certificate issues come from not using signed SSL certificates from well-known CAs and are something you need to set up yourself (e.g. using LetsEncrypt).
Thanks for the response, folks. Much appreciated.
I don’t see anything in the production guide about flushing expired tokens. Do you recommend we make a periodic call to POST /oauth2/flush? Or does the server take care of its own housekeeping?