# talk-hydra
Hi, I'm trying to add support for access to one of our APIs using the OAuth2 client_credentials grant. To do this, I'm creating an Identity in Kratos with the user's metadata, and then creating an OAuth2 Client in Hydra with the client_credentials grant type enabled. Then I put the API behind Oathkeeper, using the oauth2_introspection authenticator, and I can access the API when I provide the client_id and client_secret. My question is how to associate the OAuth2 client_id (auto-generated in Hydra) with the Identity ID (auto-generated in Kratos), so that the API has access to the user's metadata. I'm not sure if this relationship should be represented by:

1. setting the "owner" field to the Identity ID when creating the OAuth2 Client (i.e. store the relationship using Hydra)
2. setting the OAuth2 client ID in the "credentials.oidc" section of the Identity schema (i.e. store the relationship using Kratos)

and in either case, I'm wondering how Oathkeeper should be configured to pass the Identity ID to the API. At the moment the only thing I've seen is that `.Subject` contains the OAuth2 Client ID.
Following approach #1, I can then GET hydra-admin-url/admin/clients/{id} and read e.g. the "owner" field in the response to get the Identity ID, then fetch kratos-admin-url/admin/identities/{id} to get whatever other information I want. I guess that approach #2 doesn't make sense in this case. Any feedback would be welcome!
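The two-step lookup from approach #1 (introspected subject -> Hydra client "owner" -> Kratos identity), as an added example that is not part of the original post: the admin base URLs, the injected `get_json` fetcher and the sample responses are assumptions, and the refusal to proceed when "owner" is empty is the check an API should make before trusting the mapping.

```python
"""Resolve the Kratos identity behind an OAuth2 client_id (approach #1 above).

Added example. Admin base URLs and the response bodies below are assumed;
only the /admin/clients/{id} and /admin/identities/{id} paths come from the post.
"""
import json
from typing import Callable, Dict

# Assumed admin base URLs; these must only be reachable from the API, never from clients.
HYDRA_ADMIN = "http://hydra-admin-url"
KRATOS_ADMIN = "http://kratos-admin-url"

Fetcher = Callable[[str], Dict]


def resolve_identity(client_id: str, get_json: Fetcher) -> Dict:
    """Map the introspected .Subject (the Hydra client_id) to a Kratos identity.

    get_json is injected so the lookup runs offline here; in production it would
    wrap an HTTP GET against the admin APIs and return the decoded JSON body.
    """
    client = get_json(f"{HYDRA_ADMIN}/admin/clients/{client_id}")
    owner = client.get("owner")
    if not owner:
        # A client with no owner is tied to no identity: refuse instead of
        # guessing, which would otherwise hand back unrelated user data.
        raise LookupError(f"client {client_id} has no owner set")
    identity = get_json(f"{KRATOS_ADMIN}/admin/identities/{owner}")
    if identity.get("id") != owner:
        raise LookupError(f"identity {owner} not found or id mismatch")
    return identity


# Constructed sample responses standing in for Hydra and Kratos.
SAMPLE_RESPONSES = {
    f"{HYDRA_ADMIN}/admin/clients/client-abc": {
        "client_id": "client-abc", "owner": "id-123", "grant_types": ["client_credentials"]},
    f"{HYDRA_ADMIN}/admin/clients/client-noowner": {"client_id": "client-noowner", "owner": ""},
    f"{KRATOS_ADMIN}/admin/identities/id-123": {
        "id": "id-123", "traits": {"email": "alice@example.com"}, "metadata_public": {"plan": "pro"}},
}


def fake_get_json(url: str) -> Dict:
    """Stand-in fetcher: returns the constructed body or raises like a 404 would."""
    if url not in SAMPLE_RESPONSES:
        raise LookupError(f"404 for {url}")
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    print(json.dumps(resolve_identity("client-abc", fake_get_json), indent=2))
```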