also kind of random but if hydra hands out OIDC JWTs then wh

Question

also kind of random but if hydra hands out OIDC JWTs then why does it have session management Or am I misunderstanding something

magnificent-energy-493 · Answer

gt Ory Hydra maintains a session cookie When a user signs in the cookie will be set for that user This allows the next OAuth2 request to complete without requesting the user to sign in again This is not the same as the Application Session that you would handle for example with Ory Kratos This document also explains it a bit more <https www ory sh docs hydra concepts before oauth2 access and refresh tokens are not sessions> Let me know if that made it clearer OAuth2 is hella confusing

thousands-church-11419 · Answer

eyes reading it

magnificent-energy-493 · Answer

Did that make it clear < U02UULRTT6V> I am wondering how we could improve this in the docs since it comes up a lot

thousands-church-11419 · Answer

Hey < U011D3UQKNY> I think I understand but I think I somewhat disagree on your stance about oidc in general I feel like I m missing something though so it s hard to feel confident disagreeing

thousands-church-11419 · Answer

I think need is always contentious You don t need oidc there are definitely alternatives Using oidc for first party login makes sense to me mostly because of standardization and allowing the client to fetch their own credentials I d actually say the question is if you need scopes and for most products the answer is no

thousands-church-11419 · Answer

But yeah for a typical api driven system with a mobile app I think registering clients letting them get their own credentials using JWTs etc the rest of the stack makes a lot of sense I think worry that for most companies you d end up creating a worse version of oidc hydra pretty quickly as feature requests start coming in for things that are common in most apps