Hi @magnificent-energy-493 Where actually Ory Hydra Access token saved? If it doesn't store access token and store only metadata related information of token, such as the client ID, granted scopes, subject, expiry time. then how idp understand that its valid regardless of interospect for bearer and if idp want to revoke it. they need to stored in its own db. I though ory hydra db needs to save it or store it? Q. Wouldn't you still need to store the Access Token though? Usually, the Access Token does not have any information about the User, so you need to store it to associate it to the user - particularly if you don't have your own sessions? I didn't understand how this works without the Access Token being stored. Q. Also, if you are not storing the Access Token, how would the /_revoke_ work? The Provider would know the token was invalid before expiration, but if you were not storing it, or using you own sessions, how would the Benefits application know it was revoked? Q. How is the Access Token stored if it is your method of session management, my assumption is a Domain Cookie?

See my answer here: https://ory-community.slack.com/archives/C010F7Z4XM1/p1718139418233549 Please dont post the same message in multiple channels.

ok sure. thank you!!