Hello, I am trying to get an access token to be u...
# general
e
Hello, I am trying to get an access token to be used with my private API by providing a Google credential (IDToken). My understanding is I need to use Hydra for that, with the JWT-bearer grant type. I am stuck trying this as Hydra refuses my Google IDToken as the Audience is not the OAuthURL from Hydra. But as far as I know, I cannot customize the Audience with Google, and I cannot find how to accept a different Audience during the Trust Relationship configuration. Am I missing something?
s
I'm not quite sure if I understand the use-case here. Can you add some details? I assume that you use social/SSO login with Google to get an OIDC ID token? What do you want to have in the end in your API service?
e
I wish to have an Identity that has multiple credentials. It can be a Social Credential (Google, Gamecenter) or a Username/Password Credential, maybe OTP at some point in the future. They are all linked/associated to the same Identity. I also want that when the User requests an AccessToken, he can provide any of the credentials he used, and the token Subject will always be the same (the Identity ID).
Also, the generated Access Token will be used with my private APIs to validate the Identity and Permission of the User.
s
OK, in that case you need to use Kratos/Ory Identities and the social integration there: https://www.ory.sh/docs/kratos/social-signin/overview
Maybe get started here instead, just to make sure you understand the underlying concepts: https://www.ory.sh/docs/identities/get-started/
e
Thanks Patrik, I am still missing something here. For reference:
1. I am using Go as the language
2. I need to use the native flow as it will eventually be a native app (the app won't be in Go, but I am just going with a language I use)
3. I don't want to open a Session, I want to get an AccessToken only

Following the link you gave me, I saw this guide: https://www.ory.sh/docs/kratos/social-signin/native-apps#implementation
When I asked the ChatBot to adapt it to Go, it suggested that I:
Step 1: Initialize the Native Login Flow
Step 2: Obtain a Google ID Token (on my own)
Step 3: Submit the Login Flow with Google OIDC

Following it works, but it gives me a Session Token, which is not what I am looking for. So I am not sure if the chatbot mistranslated the flow, or if the flow is not what I am looking for.
s
Our projects are modular, so the OAuth2 service that issues access tokens does not know anything about credentials and identities. Our identity service that issues session tokens does. You can use both in tandem though so that a user logs into the identity service as part of the OAuth2 flow and gets the access token in the end.
We have a blog post explaining what exactly OAuth2 is and when it should (not) be used: https://www.ory.sh/blog/oauth2-openid-connect-do-you-need-use-cases-examples
You can find more examples of how services can be used together and use-cases here: https://github.com/ory/awesome-ory