Hi everyone, We are using Hydra self-hosted but we don't menage to get the token through the Authorization Code flow in our app like we have in /callback url give by the command

hydra perform authorization-code

(docs here : https://www.ory.sh/docs/hydra/cli/hydra-perform-authorization-code). It seems that the token is only sent this way or there is another way that I can't find?

Hello Jordan, I am not sure what the problem is here, but we also offer more hands-on support now, if you are interested and have a budget: https://www.ory.sh/professional-services/

Ok, I will try to explain better and in more detail. When you follow the 5 minute tutorial for Hydra (https://www.ory.sh/docs/hydra/5min-tutorial), at the end you will be redirected to http://127.0.0.1:5555/callback with access, refresh and ID tokens as in the screenshot here (from the video https://www.ory.sh/docs/assets/medias/oauth2-ory-c3c1682af2a0511961e1ee3027dada10.webm ). But I want my tokens in my Typescript application so I changed the redirect url to my application host on port 3000 but I could not get the tokens with the authorization code (query param code available in my url). Do you have any clue how to do this? I don't think I'm the only user of this specific flow ?

I see. Definitely not the only user of this flow, but there could be many reasons as to what is happening… Can you make sure it is nothing from this list please?: https://www.ory.sh/docs/self-hosted/hydra/debug/csrf Is there some kind of error or what shows up in your application?

Hello Jordan, I also faced the same issue a while back. 1. When you click the

Authorize application

it redirect to incorrect

redirect_uri

after running the

hydra perform authorization-code

. So you have to manually change it. 2. To your

redirect_uri

you will get the scope, code and state in the params 3. Then you have to make POST call to hydra public

oauth2/token

with the details to get the access token and refresh token

Thanks Vincent but it seem there is no CSRF issue. Hello Sanket, this is the point where I'm stuck now,

Authorize application

redirects correctly to my

redirect_uri

with scope, code and state but I can't get it to work. How did you get your POST call to hydra public

oauth2/token

to work ?

I made the below request which give me the details

curl --location --request POST '<https://hydra-public.example.com/oauth2/token>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'scope=openid offline' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'code=<code>' \
--data-urlencode 'redirect_uri=<redirect_uri>'

Also based on the authentication flow in this case was basic auth I added the client_id and client_secret.

Ok perfect thanks @brave-pillow-3744 you gave me all the details I needed and it works!

great to hear that it got resolved. Can you think of a place in the documentation where we can include this for other users in the future? @delightful-noon-48365

@magnificent-energy-493 Maybe a little mention on the 5-minute quickstart at the end, something like: If you want use a another redirect uri to your application and get tokens like 127.0.0.1:5555/callback page you have to: 1. Change the

--redirect

argument when you create your client with the command

hydra create client

2. Change the

--redirect-uri

argument when you create the authorization code flow through the command

hydra perform authorization-code

3. Now at the end of the flow you will be redirected to your now redirect uri, but you have to perform a HTTP POST request to get tokens with the instructions given by @brave-pillow-3744