Hello, if this is not the right place to ask this question, please tell me where I should put it. Our company wants to start working with Ory, but we are still a little bit confused about what the actual workflow would look like. What we want to achieve is to have Kratos as an identity management system and use Hydra as the OAuth2 provider. Basically, we want to have Hydra return JWT access and refresh tokens that can be validated by our services using Hydra's JWKs. I have read your recommendation page about not using JWT, but this is not really an option for us, unfortunately.
So my questions are: How do I make Hydra talk to Kratos? How do I make Hydra return JWT tokens (e.g. in the body) so that the client can parse them?
magnificent-energy-493
11/02/2022, 9:09 AM
Hello @proud-ram-78226
you are in luck!
we just released Hydra 2.0, which comes with a native Kratos integration.
You can test it out on the Ory Network right now.
As for the JWT token problem - you most likely want Kratos to return the session in a JWT.
This is possible with a little workaround: you can use Ory Oathkeeper to transform the cookie session into a JWT.
https://www.ory.sh/docs/oathkeeper/pipeline/mutator#id_token
proud-ram-78226
11/02/2022, 4:35 PM
Thanks. Regarding the transformation: can I put a user's groups into these custom claims? Does Kratos support such user groups?
strong-librarian-31099
12/03/2022, 5:23 PM
Hey, that's great!!
Ory Identities is now compatible with the Ory OAuth2 Login and Consent Flow. This means, for example, that Ory Kratos can be the login provider for Ory Hydra with a bit of configuration.
How can I set this up in Docker and configure this in hydra.yml?
magnificent-energy-493
12/05/2022, 11:33 AM
Hello @strong-librarian-31099
We still need an out-of-the-box docker configuration for this integration. You can also figure it out on your own, but official docs are coming.
If you want to just use it, I recommend checking out the Ory Network service: https://console.ory.sh/registration