Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe your problem
Currently, it's very difficult to track OAuth client activity using Hydra metrics, especially around operations such as token requests, refreshes, and client authentication events. This makes it challenging to monitor client behaviour, usage patterns, or detect misuse.
It would be very useful if Hydra exposed Prometheus metrics specifically related to client operations, for example:
- Total number of token requests per client
- Token request errors
- Refresh token usage per client
- Error types encountered during client authentication
Describe your ideal solution
Add Prometheus metrics for OAuth client operations, with labels to allow filtering by client_id and operation type. Specifically, metrics for the following operations would be helpful:
- Token Requests: new access/refresh token requests via various grant types (e.g. authorization code, client credentials, refresh token)
- Failed Token Requests: per client, with error type or reason if possible
- Refresh Token Usage: number of times refresh tokens are exchanged
Workarounds or alternatives
The existing HTTP metrics, used with logs and/or traces, give some visibility over client activity but require correlating multiple data sources (e.g. logs/traces) to determine which client is misbehaving.
Version
v2.3.0
Additional Context
No response
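
A sketch of the labelled counter requested above, added here as an example; it is not Hydra's code or API. The metric name `oauth2_token_requests_total`, the `TokenMetrics` type, the `__other__` overflow bucket and the sample client ids are all hypothetical. It caps the number of distinct `client_id` label values, because a per-client label otherwise grows the series count with every registered client.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// TokenMetrics counts token requests per client (hypothetical type, not Hydra's API).
type TokenMetrics struct {
	maxClients int                  // cap on distinct client_id label values
	clients    map[string]bool      // client ids that own a label value
	counts     map[[3]string]uint64 // {client_id, grant_type, error} -> count
}

func NewTokenMetrics(maxClients int) *TokenMetrics {
	return &TokenMetrics{maxClients, map[string]bool{}, map[[3]string]uint64{}}
}

// Observe records one token request; errCode is "" on success, else an OAuth 2.0 error code.
func (m *TokenMetrics) Observe(clientID, grantType, errCode string) {
	if !m.clients[clientID] {
		if len(m.clients) >= m.maxClients {
			clientID = "__other__" // overflow bucket keeps the series count bounded
		} else {
			m.clients[clientID] = true
		}
	}
	m.counts[[3]string{clientID, grantType, errCode}]++
}

// Render returns the counters in Prometheus text exposition format, sorted.
func (m *TokenMetrics) Render() string {
	lines := make([]string, 0, len(m.counts))
	for k, n := range m.counts {
		lines = append(lines, fmt.Sprintf("oauth2_token_requests_total"+
			"{client_id=%q,grant_type=%q,error=%q} %d", k[0], k[1], k[2], n))
	}
	sort.Strings(lines)
	return "# TYPE oauth2_token_requests_total counter\n" + strings.Join(lines, "\n") + "\n"
}

func main() {
	m := NewTokenMetrics(2) // the events below are constructed sample data
	m.Observe("billing-svc", "client_credentials", "")
	m.Observe("mobile-app", "refresh_token", "invalid_grant")
	m.Observe("rogue-1", "client_credentials", "invalid_client")
	fmt.Print(m.Render())
}
```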