Guys, hi! I have a question regarding oauth protocol more then hydra itself. Is it possible during consent flow to set arbitrary data inside the token that the third party will receive in the, so that it could be read for third party? I would like to provide a single selection list on my side, and inform the third party which element exactly the user did select. Thank you in advance, sorry for dumb questions.

what you’re likely interested in is the session param in the accept consent endpoint - https://www.ory.sh/docs/hydra/reference/api#operation/acceptConsentRequest

Thanks, I see it! And how is this session is available to client? Is it a part of OAuth protocol? Or should I tell the client how to parse the access token?

i haven’t used it myself, but based on the docs it looks like it should be available as part of the userinfo response - https://www.ory.sh/docs/hydra/reference/api#operation/userinfo

On the token introspection endpoint docs I see it should be private. So probably introspection is not for third parties to use. But there is also a mention of using JWT Profile and IIUC hydra supports JWT. So maybe I could achive what I want to achive with JWT?

https://www.ory.sh/docs/hydra/concepts/openid-connect-oidc#userinfo -

Any information set to the key session.id_token during accepting the consent request will also be included here.

Yeah, thank you, looks promising!