I am using a third party identity provider (auth0) using the authorization code flow. Once my app receives an ID token my goal is to exchange that for an access token from hydra and use the web hook to add addition user scopes to the token. (That's next on my todo list). When I receive the id token I validate it using the key from the authentication provider. I then create a trusted key successfully ("trust/grants/jwt-bearer/issuers") but when I try to exchange the token using the token endpoint ("oauth2/token") I get a bad request. I am using client_id/secret ("token_endpoint_auth_method": "client_secret_post"), grant_type: urnietfparamsoauthgrant-type:token-exchange, subject_token: base64 id token, subject_token_type: urnietfparamsoauthtoken-type:id_token, requested_token_type: urnietfparamsoauthtoken-type:access_token. I have played around with adding different parameters too (audience, etc). This is the generic error I get: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified". Is there a configuration value I need to set?