> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getbindu.com/llms.txt
> Use this file to discover all available pages before exploring further.
# v2026.6.6
> One login system, done properly
## One way to log in — Hydra
Until now, Bindu supported three different ways to handle logins: Auth0, Cognito, and Kratos. Three systems means three sets of bugs, three sets of configs, three things to test.
Starting this release, Bindu uses only one: [Ory Hydra](https://www.ory.sh/hydra/). It's open source, it speaks OAuth2, and it plays nicely with your agent's DID.
If you were using Auth0, Cognito, or Kratos — you'll need to move over. We'll walk you through it below.
***
## Heads up before you upgrade
**Auth0 and Cognito no longer work.** Only Hydra is supported now. Any old Auth0 or Cognito setup has to be switched.
**How token requests are signed changed.** We now send the client secret in the request body (`client_secret_post`) instead of the header. This is needed because DIDs contain colons, and colons don't play well with the older style.
**Some files are gone.** If your code imports from `bindu/utils/auth_utils.py`, `bindu/server/middleware/auth/auth0.py`, `bindu/server/middleware/auth/cognito.py`, or any Kratos/Vault/user-OAuth modules — those have been deleted.
***
## What's new
### DID + OAuth2 working together
Here's the idea. Your agent has a **DID** (a decentralized ID that proves "I am who I say I am"). Hydra gives out **OAuth2 tokens** (short-lived keys for API access).
We connect the two. Your DID becomes the `client_id` in Hydra. When your agent starts up, it introduces itself to Hydra using its DID and gets registered automatically.
If the credentials on disk ever get out of sync with Hydra (say, your local file is deleted), Bindu notices, re-registers the agent, and carries on. No manual fix needed.
### Dependencies locked to exact versions
Every package Bindu depends on is now pinned to an exact version (`==`) instead of "this or newer" (`>=`). This means every build is the same build — no surprise updates in the middle of the night breaking your agent.
34 packages were pinned across runtime, telemetry, payments, storage, CLI, and security. A few packages we weren't really using (`openai`, `agno`, `ddgs`, `numpy`) got removed entirely.
### Web UI: cleaner building blocks
The agent's web interface got split into focused JavaScript files — one for the HTTP client, one for state, one for chat, one for the protocol. Easier to read, easier to change.
***
## What got better
With only one auth provider to worry about:
* The auth config is far simpler
* Tests don't have to mock three different systems
* The config validator only has to check one thing
When your agent starts up, it now prints the exact `curl` command to grab a fresh OAuth token, plus the path to your client secret. Testing an authenticated endpoint takes seconds.
***
## Migration
Use the hosted one at `https://hydra.getbindu.com`, or run your own.
Remove the old Auth0 ones:
```bash theme={null}
# Delete these
AUTH0_DOMAIN=...
AUTH0_AUDIENCE=...
AUTH0_CLIENT_ID=...
AUTH0_CLIENT_SECRET=...
```
And add the new Hydra ones:
```bash theme={null}
HYDRA__ADMIN_URL=https://hydra-admin.getbindu.com
HYDRA__PUBLIC_URL=https://hydra.getbindu.com
AUTH__ENABLED=true
AUTH__PROVIDER=hydra
```
```yaml theme={null}
auth:
enabled: true
provider: hydra # this is the only option now
```
On first boot, your agent signs itself up in Hydra using its DID as the `client_id`. You don't have to do anything.
```bash theme={null}
curl 'https://hydra.getbindu.com/oauth2/token' \
-d 'grant_type=client_credentials' \
-d 'client_id=YOUR_DID' \
-d 'client_secret=YOUR_SECRET'
```
If you're on Cognito, there's no shortcut — you'll need to set up Hydra from scratch and point your agents there.