# talk-hydra
m
Hello, I started to work with Ory Hydra, and I have loved it since the first minute. I read the docs, watched some videos and followed the classic 5 minutes tutorial; everything works without any issue :) But it seems that I can't find any example or docs that connect Ory Hydra to a custom frontend/backend, like how to use Ory Hydra accessTokens to consume our protected resource APIs (REST, GraphQL, etc.). For example, the use case: I have a backend API (resource server); without Ory Hydra, I use RBAC and JWT to protect the backend API, I validate the JWT and give access if valid or not... Now I want to do the same, or something like it, with Ory Hydra: I want to use it to protect the backend API with Ory Hydra tokens. For example, Ory Hydra will be an OAuth2/OIDC authorization server, and after login, the OAuth2 tokens will be used to access the backend API, like we do with Google, for example: we log in with it in any third-party app and the third-party app uses this authentication to connect to its internal and Google services. I believe I may be confusing and misinterpreting things. Can someone tell me the best way to use Ory Hydra/accessTokens with a backend API? Do we need to use Ory Kratos and all the other Ory umbrella projects for this use case, or can we use only Hydra? Thanks
l
If you use JWT tokens with Hydra then you can use JWKS from the `.well-known/jwks.json` endpoint to verify them as you would do with any OIDC provider (see https://www.ory.sh/hydra/docs/reference/api/#operation/wellKnown). If Hydra tokens are opaque you can introspect them with `/oauth2/introspect` (see https://www.ory.sh/hydra/docs/reference/api/#operation/introspectOAuth2Token).
Then your backend can verify the token in the middleware, or you can rely on a proxy with authorization capabilities (e.g. Ory Oathkeeper or Envoy) in front of your backend.
m
@User awesome reply, awesome time to read the links that you sent me. Is there any example showing this use case in the Ory repository? Thanks, and sorry for the late response.
l
I am not sure there are any examples, maybe @User knows.
m
Thanks @User. In this case, I think a simple curl to validate the token like you said is more than enough, maybe with the 5 minutes tutorial, but first it is better to read the links that you sent me. If I create some kind of minimal PoC API, I will leave the repo here, connected to the 5 minutes tutorial.
@User I got it working with the introspection endpoint; with your tip it is easy. In fact, the introspection request is used in the 5 min tutorial in the CLI :) And about the OIDC ID token, how can we verify it, do you have any clue? Thanks @User. Thanks, and sorry to ask "simple things".
l
👍 1
m
Thanks @User for another great tip. Lots of awesome stuff to learn; the Ory stack seems very good for my use case. But the docs, in my humble opinion, seem to miss some stuff to glue everything together. I think it deserves a second part of the 5 min tutorial with a SPA frontend using a backend API; it will clear some things up for newbies like me... just an opinion, nothing more. If we don't talk in a few days, Merry Christmas buddy, and thanks for your support.
👍 2
l
Merry Christmas!
m
Love the idea, Mario; and never hesitate to ask "simple" things, this helps the whole community! It is high up on my list to provide more examples for all kinds of different setups/use cases/languages. Will reach out to you after the holidays, possibly you can help me with some feedback 🙂
👍 1
m
@User great news! Like a Christmas gift! Sure, I will help if I can. I'm planning to learn the basics of the impressive Ory stack, and do some mobile starters like Ionic React/Capacitor and Flutter (both iOS and Android), and one React SPA app, both requesting a simple Rust or NestJS API (the stacks that I currently work with in backend, frontend and mobile). I'm working on an OAuth2 server implementation based on the Portuguese citizen card, to use in my open-source solidarity project, named SolidaryChain, that is a big open and transparent book of blockchain transactions. And now that I have found the right piece for OAuth authentication in Ory, with the support and help of the awesome Ory community, it is simply great. In the past I used the Spring Boot security and OAuth2 project, or developed my own RBAC JWT authorization in the backend, using any DB or LDAP etc., but this time I want this service to be used by third-party clients, and for this nothing is better than OAuth2/OIDC. Thanks to the awesome Ory community and Merry Christmas Ory Fellows!
🎉 1
❤️ 1