I'm using Hydra + Kratos via docker images as per documentation and I have following concerns Can anyone please clear following points: 1- Do we have to create a client using Hydra for every Registration or logIn flow. 2- Currently from documentation we can generate the client from the command line using docker-compose exec, Can you use some hydra api or any otherway on production 3- After create client I notice kratos redirecting back to hydra can you please tell me how its working 4- Hydra Admin can anyone access do we need to secure it? for example: 127.0.0.1:4443/admin/clients

Hello @fast-agent-29694 1. No, you don’t have to create a client for every registration or login flow. The client in Hydra represents an application that wants to access the user’s account. It’s not tied to individual users or sessions. It’s more like an API key for your application. You can create a client using the

hydra create client

command or the equivalent API endpoint. source 2. Yes, you can use the Hydra Admin API to create clients programmatically. The command line is just one way to interact with Hydra. In a production environment, you’d likely use the API directly from your application code. source 3. The redirection from Kratos to Hydra is part of the OAuth 2.0 flow. When a user tries to log in, Kratos redirects them to Hydra to authenticate. After successful authentication, Hydra redirects back to Kratos with an authorization code. Kratos can then exchange this code for an access token. source 4. The Hydra Admin endpoint should be secured and not exposed to the public internet. It’s used for administrative tasks like creating clients and should only be accessible to trusted services. You can secure it using network policies, firewalls, or other security measures. The exact method depends on your infrastructure. source