Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi community, I'm still confused about the two cookies after reading <https://github.com/ory/hydra/discussions/2410>

could you please suggest where I could find the documentation about the usages of the cookies: `oauth2_authentication_csrf` and `oauth2_consent_csrf` ?

coz we have a plan B to put an app between the user agent and hydra: not let hydra to talk to our users' browsers directly, I think it would be important to gather this info

I saw
&gt; ORY Hydra keeps track of user sessions. It does so by issuing a cookie which contains the user ID. On subsequent OAuth2 / OpenID Connect flows, the session will be checked and the Login Endpoint will be instructed to, for example, show the Login HTML Form or skip the Login HTML Form.
which I believe is the usage of `oauth2_authentication_csrf`?