Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi folks, I am happy to using Ory Hydra for OAuth server in the production. But I have some question about how to fix the issue when customer found may login or consent with the same request. I have no idea about How? Because I just have only few information from client app (different team). As I checked from server log see
```{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Field 'subject' does not match subject from previous authentication."}```
As I understand, Hydra found the subject was sent to accept login/consent challenge not same as previous. But How does it know? and How to fix this issue such as API call to revoke or clear session allow user to login etc

For additional information, Client mobile application run our login UI via webview and allow users to keep app in background open and use the same broweser not reload or create a new request to our OAuth server

Please help us for any suggestion to fix an issue.