Hi all! I run a ory hydra local instance in my organization. It's run in an okd infraestruture. In this moment has two clients (two apps), both use the same /hydra/login endpoint to authenticate users. Can I add another client? but this app has another sets of users and authenticate against other ldap. How Can I configurate this?. Thanks!

You can add as many OAuth2 clients as you want but they will use the same login, consent and logout endpoint. You could add specific logic to the consent page to only allow a certain subset of users based on client scope or metadata but it might be better to run a another Hydra instance with different endpoints.

I understand. Inside my implementation of login I have to figure out who client is behind and react in consequence. In the other option (run another instance of Hydra) the sso is missing between apps? or is there a way to have SSO?

@brash-honey-57496 can you post the configuration information?

Hi thom!, what type of configuration?. For example in my Ory Hydra instance I have defined this. I have two apps clients of this Ory Hydra that use it.

urls:
        self:
        issuer: <https://myorganization/hydra-public/>
        login: <https://myorganization/loginapp/hydra/login>
        consent: <https://myorganization/loginapp/hydra/consent>
        logout: <https://myorganization/loginapp/hydra/logout>

loginapp is my app in wich resolve authentication against a set of users that save your passwords in a ldap. Now is comming another set of apps with a different (possibly) set of users that authenticate against other password repository. My initial question is: If possible to have the same instance of Ory Hydra with two identity providers? or some way to have SSO in this scenario. Thanks!