Hi everyone, At DQC we are huge ory fans! Kudos for Kratos / Oathkeeper and the like. Because of the nature our clients and hybrid deployments, we cannot use ory cloud (which is a pity, we would love to!). Question: many of our clients use our Microsoft Login option (OIDC) to use our apps, and we anyhow just need delegated access to the user profiles. We would like to also let the user query other Microsoft APIs (MS Graph) and would require now the access-token of these users, as with the delegated type, and further permissions of the App Registration, we could be acting on behalf of a signed-in user. Which would be our ideal scenario. Until now, we relied on kratos & oathkeeper and had everything cookie based. Which would be great to keep, but for such calls we require an access-token. Which we struggle to get. We know about calling

'https://{kratos}/admin/identities/{identityID}?include_credential=oidc'

But this will only return the access-token from the sign-up, if I’m not mistaken. We did not find a good hint in the documentation, thus asking, anyone who can point us into the right direction? Any hint is much appreciated!