
hydra-headless-ts

by jeffdyke

Overview

A headless OAuth2 login and consent provider for Ory Hydra. Hydra supports Dynamic Client Registration (DCR) but Google OAuth does not, so this service sits between the two: clients register dynamically with Hydra, and the login step of Hydra's login/consent flow is delegated to Google. The intended clients are AI agents such as Claude.ai.

Installation

Run Command
docker-compose up -d

Environment Variables

  • SESSION_SECRET
  • COOKIE_SECRET
  • JWT_SECRET
  • JWT_ISSUER
  • JWT_AUDIENCE
  • JWT_PROVIDER
  • POSTGRES_HOST
  • POSTGRES_PORT
  • POSTGRES_USER
  • POSTGRES_PASSWORD
  • POSTGRES_DB
  • DSN
  • REDIS_HOST
  • REDIS_PORT
  • GOOGLE_CLIENT_ID
  • GOOGLE_CLIENT_SECRET
  • GOOGLE_REDIRECT_URI
  • HYDRA_PUBLIC_URL
  • HYDRA_ADMIN_HOST
  • HYDRA_ADMIN_PORT
  • BASE_URL
  • APP_ENV
  • PORT
  • PUBLIC_DOMAIN
  • PRIVATE_HOST
  • MOCK_TLS_TERMINATION
  • DCR_MASTER_CLIENT_ID
  • DCR_ORIGIN_REDIRECT_URI
  • REDIRECT_URL
  • NODE_TLS_REJECT_UNAUTHORIZED
  • NODE_ENV

Security Notes

The repository ships with several critical weaknesses around secrets: a hardcoded CSRF secret (`src/setup/index.ts`), hardcoded Hydra system secrets (`stage_env/hydra.yml`), and fallback session (`src/app-fp.ts`) and JWT (`src/fp/config.ts`) secrets that the code itself warns must be changed in production. If the corresponding environment variables are left unset, those fallbacks are used, and anyone who can read the source can forge the cookies and tokens they sign. The proxy middleware (`src/setup/proxy.ts`) logs request bodies at length, so authorization codes, tokens and credentials passing through the login/consent flow can end up in logs. The development `docker-compose.yml` also sets `NODE_TLS_REJECT_UNAUTHORIZED=0`, which disables certificate verification for every outbound TLS connection the Node.js process makes, including those to Google and Hydra; that setting must not reach any environment beyond local development.
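The two controls a practitioner would want against the findings above are a fail-closed startup check that refuses missing, placeholder or reused secrets (and `NODE_TLS_REJECT_UNAUTHORIZED=0` outside development), and a redaction step in front of the proxy's body logging. The TypeScript below is an added example written for this page, not code from hydra-headless-ts; the placeholder list, the 32-character minimum and the set of sensitive body keys are its own assumptions, and the environment and token-request it checks are constructed samples.

```typescript
// Added example, not code from hydra-headless-ts: a fail-closed check of the
// secret-bearing variables listed on this page, plus a redaction helper for
// request bodies before they reach a logger.

type Env = Record<string, string | undefined>;

export interface ConfigProblem {
  variable: string;
  reason: string;
}

// Assumed placeholder values; the real fallback strings in src/app-fp.ts and
// src/fp/config.ts are not quoted on this page.
const PLACEHOLDER_SECRETS: string[] = ["changeme", "change-me-in-production", "secret", "development"];

// Assumed floor for an HMAC or cookie-signing secret.
const MIN_SECRET_LENGTH = 32;

const SECRET_VARIABLES: string[] = [
  "SESSION_SECRET",
  "COOKIE_SECRET",
  "JWT_SECRET",
  "GOOGLE_CLIENT_SECRET",
  "POSTGRES_PASSWORD",
];

function checkSecret(env: Env, name: string, problems: ConfigProblem[]): void {
  const value = env[name];
  if (!value) {
    problems.push({ variable: name, reason: "missing; the in-code fallback would be used" });
    return;
  }
  if (PLACEHOLDER_SECRETS.indexOf(value.trim().toLowerCase()) !== -1) {
    problems.push({ variable: name, reason: "placeholder value" });
    return;
  }
  if (value.length < MIN_SECRET_LENGTH) {
    problems.push({ variable: name, reason: "shorter than " + MIN_SECRET_LENGTH + " characters" });
  }
}

// Returns every problem found; an empty array means the process may start.
export function validateEnv(env: Env): ConfigProblem[] {
  const problems: ConfigProblem[] = [];
  // The page lists both APP_ENV and NODE_ENV; treat either as the production marker.
  const production = env.NODE_ENV === "production" || env.APP_ENV === "production";

  for (const name of SECRET_VARIABLES) {
    checkSecret(env, name, problems);
  }

  // One leaked secret must not unlock sessions, cookies and JWTs at once.
  const signing = ["SESSION_SECRET", "COOKIE_SECRET", "JWT_SECRET"]
    .map((n) => env[n])
    .filter((v): v is string => typeof v === "string" && v.length > 0);
  for (let i = 0; i < signing.length; i++) {
    if (signing.indexOf(signing[i]) !== i) {
      problems.push({ variable: "SESSION_SECRET/COOKIE_SECRET/JWT_SECRET", reason: "same value reused" });
      break;
    }
  }

  // NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate verification for every
  // outbound TLS connection Node makes, including those to Google and Hydra.
  if (production && env.NODE_TLS_REJECT_UNAUTHORIZED === "0") {
    problems.push({ variable: "NODE_TLS_REJECT_UNAUTHORIZED", reason: "TLS verification disabled outside development" });
  }
  return problems;
}

// Keys whose values are credentials or bearer material in an OAuth2 code flow (assumed list).
const SENSITIVE_KEY = /^(password|client_secret|code|access_token|refresh_token|id_token|authorization|cookie|set-cookie)$/i;

// Deep-copies a parsed request body with sensitive values replaced, so the copy
// can be handed to a logger. The original object is left untouched.
export function redactForLog(value: unknown): unknown {
  if (Array.isArray(value)) {
    return value.map(redactForLog);
  }
  if (value !== null && typeof value === "object") {
    const source = value as Record<string, unknown>;
    const out: Record<string, unknown> = {};
    for (const key in source) {
      if (Object.prototype.hasOwnProperty.call(source, key)) {
        out[key] = SENSITIVE_KEY.test(key) ? "[REDACTED]" : redactForLog(source[key]);
      }
    }
    return out;
  }
  return value;
}

// Constructed sample resembling an unedited development environment.
export const insecureEnv: Env = {
  NODE_ENV: "production",
  SESSION_SECRET: "changeme",
  COOKIE_SECRET: "changeme",
  JWT_SECRET: "changeme",
  GOOGLE_CLIENT_SECRET: "short",
  NODE_TLS_REJECT_UNAUTHORIZED: "0",
};

// Constructed sample of a token-endpoint body as the proxy middleware might see it.
export const sampleTokenRequest = {
  grant_type: "authorization_code",
  code: "4/fake-authorization-code",
  client_id: "dcr-client-123",
  client_secret: "fake-client-secret",
  redirect_uri: "https://example.com/callback",
};

for (const p of validateEnv(insecureEnv)) {
  console.log("refusing to start: " + p.variable + " - " + p.reason);
}
console.log(JSON.stringify(redactForLog(sampleTokenRequest)));
```

In a real deployment, call `validateEnv(process.env)` before the Express app binds its port and exit non-zero on any problem, and route whatever `src/setup/proxy.ts` hands to its logger through `redactForLog` first. Redacting the `code` and `client_secret` fields keeps the authorization-code exchange out of log storage, which is the leak path the security notes describe.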

Stats

Interest Score: 0
Security Score: 3
Cost Class: Medium
Avg Tokens: 15
Stars: 0
Forks: 0
Last Update: 2025-12-03

Tags

OAuth2, OpenID Connect, Authentication, Identity Provider, Hydra, Google OAuth, DCR Bridge, TypeScript, Functional Programming