FDA MyStudies uses ORY Hydra as an OAuth 2.0 and OpenID Connect (OIDC) Certified© technology to facilitate secure token generation and management, and to support integration with diverse identity providers. The FDA MyStudies platform uses a SCIM Auth server to implement email and password login using the Hydra APIs. If desired, code modifications will enable a deploying organization to supplement or replace the Auth server with an OIDC-compliant identity provider of choice.

The Hydra server provides the following functionality:

- Client credentials management (`client_id` and `client_secret`)
- Client credentials validation
- Token generation and management
- Token introspection
- OAuth 2.0 flows

The `/hydra/Dockerfile` builds a Hydra container, then starts Hydra using `entrypoint.bash`. This entrypoint script sets all necessary environment variables and executes `migrate` to update the schema of the backend database.

NOTE: Holistic deployment of the FDA MyStudies platform with Terraform and infrastructure-as-code is the recommended approach to deploying this component. A step-by-step guide to semi-automated deployment can be found in the `deployment/` directory.

Copyright 2020 Google LLC