Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

hi all, im currently trying out<https://www.ory.sh/docs/hydra/guides/claims-at-refresh#webhook-payload| hydra webhooks> to trigger the creation of keto relations after the consent has been completed but the data i receive is missing the scopes the user allowed.
i get the kratos subject id on `session.id_token.subject`, which is nice, but i need to know also what scopes the user selected. am i missing something?

this is the data i receive on the webhook + session but i removed that part because it includes all the data i need already.

```"request": {
    "client_id": "dd13b694-873d-46ab-8fa0-ad51388f55ff",
    "granted_scopes": [],
    "granted_audience": [],
    "grant_types": [
      "authorization_code"
    ],
    "payload": {}
  }```

docs show that i should receiving something like
``` "request": {
    "client_id": "app-client",
    "granted_scopes": ["offline", "openid", "hydra.*"],
    "granted_audience": [],
    "grant_types": ["authorization_code"],
    "payload": {}
  }```

and my `/callback` endpoint is receiving the scopes correctly
```{
    "access_token": "ory_at_7u",
    "refresh_token": "ory_rt_-",
    "scopes": "openid offline_access drop:mint drop:create"
}```

I'm facing the same issue. Did u find any explanation for that?