Discover how Cloudflare used Ory Hydra to scale OAuth for all users, slashing API response times by 45% and memory use by 40% with zero user downtime.
How Apple broke "Sign in with Apple" with an unannounced and silent redirect
When Cloudflare decided to bring OAuth to every single one of its users, they didn't build their own identity engine from scratch. They turned to Ory Hydra; the same OAuth 2.0 and OpenID Connect server trusted by some of the most demanding infrastructure teams on the planet.
Cloudflare provides services that help run 20% of the web, but in their words “...we don’t do it alone.” To support this massive scale Cloudflare has been running Hydra for years to power OAuth under the hood. It worked well when their usage was limited. But as Cloudflare's platform grew into one of the world's largest network infrastructure providers, "good enough" had to become exceptional. The mission: extend OAuth to all Cloudflare users, without a moment of meaningful downtime.
What followed was a masterclass in large-scale infrastructure migration…and a testament to how Hydra is engineered for exactly these moments.
The numbers tell the story:
All executed with no revocations lost and no user sessions silently broken. Cloudflare used a blue-green deployment, extended token expiry windows, and a Cloudflare Queues-backed replay system to make the migration invisible to their users.
After upgrading to Ory Hydra 2.X, Cloudflare saw immediate, dramatic gains:
This isn't a minor tuning win. This is what happens when software is built with the right architecture from the ground up…and when it keeps getting better with every release.
This kind of outcome is no accident. Ory Hydra is built to handle authentication workloads that would break conventional identity systems. Case in point: OpenAI relies on Ory for login infrastructure serving nearly 900 million users per week; one of the most trafficked authentication systems in existence.
From AI's most recognized platform to the backbone of global internet infrastructure, Ory Hydra is where the world's most serious engineering teams land when they need identity solutions that must handle agent scale and simply cannot fail.
Cloudflare's "OAuth for all" initiative is a landmark moment. It is proof that identity infrastructure has reached a certain level of maturity and reliability upon which global-scale enterprises can bet their security posture.
What makes Hydra exceptional isn't just the performance numbers, it's the philosophy. Hydra comes from open source roots, is standards-compliant (OAuth 2.0, OpenID Connect, PKCE, token introspection), and built to be operated at any scale without vendor lock-in. Whether you're handling thousands of logins or hundreds of millions, the same engine powers it all
That engine is Ory Hydra.
Learn more at ory.com or read the full Cloudflare engineering post at blog.cloudflare.com/oauth-for-all.
