# ory-selfhosting
Hi all, I have Hydra and Kratos set up together self-hosted in Docker, using Kratos for password authentication and Hydra to provide OAuth2 tokens. I want to get an id_token back with the access token, which I think means setting Kratos up as the oidc provider. AFAICT though the docs only explain how to use an external OIDC provider. I'll share my kratos.yml and hydra.yml files here:
```yaml
version: v1.0.0

serve:
  public:
    base_url: http://localhost:8080/
    cors:
      enabled: true
  admin:
    base_url: http://kratos:4434/

selfservice:
  default_browser_return_url: http://localhost:8080/member/token
  allowed_return_urls:
    - http://localhost:8080/member/token

  methods:
    password:
      enabled: true

  flows:
    error:
      ui_url: http://localhost:8080/self-service/error

    settings:
      ui_url: http://localhost:8080/self-service/settings
      privileged_session_max_age: 15m
      required_aal: highest_available

    recovery:
      enabled: true
      ui_url: http://localhost:8080/self-service/recovery
      use: code

    verification:
      enabled: true
      ui_url: http://localhost:8080/self-service/verification
      use: code
      after:
        default_browser_return_url: http://localhost:8080/self-service/

    logout:
      after:
        default_browser_return_url: http://localhost:3000/

    login:
      ui_url: http://localhost:8080/self-service/login
      lifespan: 10m

    registration:
      lifespan: 10m
      ui_url: http://localhost:8080/self-service/registration
      after:
        password:
          hooks:
            - hook: session

log:
  level: debug
  format: text

secrets:
  cookie:
    - xxx
  cipher:
    - xxx

ciphers:
  algorithm: xchacha20-poly1305

hashers:
  argon2:
    parallelism: 1
    memory: 128KB
    iterations: 2
    salt_length: 16
    key_length: 16

identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///etc/config/kratos/identity.schema.json

courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true

oauth2_provider:
  url: http://hydra:4445
```
And hydra.yml:
```yaml
serve:
  cookies:
    same_site_mode: Lax

# configures time to live
ttl:
  # configures how long a user login and consent flow may take. Defaults to 1h.
  login_consent_request: 1h
  # configures how long access tokens are valid. Defaults to 1h.
  access_token: 24h
  # configures how long refresh tokens are valid. Defaults to 720h. Set to -1 for refresh tokens to never expire.
  refresh_token: 1m
  # configures how long id tokens are valid. Defaults to 1h.
  id_token: 24h
  # configures how long auth codes are valid. Defaults to 10m.
  auth_code: 10m
```
Any suggestions?
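As an added illustration (not part of the original post or of Ory's own code) of where the id_token claims come from in a Kratos-plus-Hydra setup: with `oauth2_provider.url` pointing at Hydra's admin API, Kratos accepts Hydra's login challenge after a successful login, but the consent step, where scopes are granted and id_token claims are set, still belongs to the application. The consent handler below assumes the application owns the consent UI, that `HYDRA_ADMIN` is the admin URL from the Kratos config, and that the allowed scopes and the sample consent request and identity are constructed for this example.

```python
import json
import urllib.request
from urllib.parse import urlencode

# Hydra admin API base; assumed to match oauth2_provider.url in the Kratos config.
HYDRA_ADMIN = "http://hydra:4445"

# Scopes this application is willing to grant (an assumption for the example).
ALLOWED_SCOPES = {"openid", "offline_access", "email"}

# Constructed sample of a Hydra consent request and a Kratos identity (not real data).
SAMPLE_CONSENT_REQUEST = {
    "challenge": "example-consent-challenge",
    "subject": "example-identity-id",
    "requested_scope": ["openid", "email", "profile"],
    "requested_access_token_audience": [],
}
SAMPLE_IDENTITY = {"id": "example-identity-id", "traits": {"email": "alice@example.com"}}


def build_consent_acceptance(consent_request: dict, identity: dict) -> dict:
    """Decide what to grant for a consent request and which claims go into the id_token.

    consent_request is the JSON Hydra returns from
    GET /admin/oauth2/auth/requests/consent?consent_challenge=...
    identity is the Kratos identity of the user Kratos logged in.
    """
    requested = consent_request.get("requested_scope", [])
    # Grant only scopes the client requested AND this app allows; never add extra ones.
    granted = [s for s in requested if s in ALLOWED_SCOPES]
    body = {
        "grant_scope": granted,
        "grant_access_token_audience": consent_request.get("requested_access_token_audience", []),
        "remember": False,
        "session": {"access_token": {}, "id_token": {}},
    }
    # Hydra only issues an id_token when the "openid" scope is granted; claims placed
    # under session.id_token end up in that token, so release them per granted scope.
    if "openid" in granted:
        claims = {}
        if "email" in granted:
            claims["email"] = identity["traits"]["email"]
        body["session"]["id_token"] = claims
    return body


def accept_consent(consent_challenge: str, body: dict) -> str:
    """PUT the decision to Hydra's admin API and return the redirect_to URL (needs a live Hydra)."""
    url = f"{HYDRA_ADMIN}/admin/oauth2/auth/requests/consent/accept?" + urlencode(
        {"consent_challenge": consent_challenge})
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="PUT",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["redirect_to"]
```

Only `build_consent_acceptance` runs offline; `accept_consent` is the network call you would make with the real `consent_challenge` query parameter Hydra appends when redirecting to the consent UI.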