In Ory Hydra, consent is a crucial part of the authentication process. After a user is authenticated, for example by username & password, session cookie or other means, Ory Hydra needs the user's consent. It redirects the user agent to the consent endpoint where the user is asked if they want to grant the application certain permissions, such as read access to their data. Once the user gives consent by affirming the request, the consent endpoint redirects back to Ory Hydra. Hydra then validates the request and issues the access, refresh, and ID tokens. This process is part of the "Ory OAuth 2.0 login & consent flow". There are specific API endpoints in Ory Hydra related to consent, such as

PUT /admin/oauth2/auth/requests/consent/accept

which is used to tell Ory that the subject has authorized the OAuth 2.0 client to access resources on his/her behalf. Another one is

GET /admin/oauth2/auth/requests/consent

which is used to fetch information on the OAuth2 request and then tells Ory if the subject accepted or rejected the request. You can find more details about these endpoints in the [Ory Hydra API Reference](https://www.ory.sh/docs/hydra/reference/api). For customizing the user login and consent flow, Ory provides guides and example implementations, such as a [Node.js implementation of an app that implements custom login and consent](https://github.com/ory/hydra-login-consent-node) on Ory's GitHub. Sources: - [Ory Hydra case study Part 2](https://www.ory.sh/docs/hydra/case-study) - [Ory Hydra API - oAuth2 - Methods - acceptOAuth2ConsentRequest](https://www.ory.sh/docs/hydra/reference/api) - [Ory Hydra API - oAuth2 - Methods - getOAuth2ConsentRequest](https://www.ory.sh/docs/hydra/reference/api) - [User login and consent flow](https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow)