I’d like to be able to leverage my existing KMS infrastructure on GCP with Hydra. I’ve developed an auth system to hand out JWTs that I’d like to replace with Hydra (and its extra attention to the OAuth2 spec, along with built-in defenses!). Many of the existing underlying components should be able to be used with fosite; reading through the fosite documentation, I’m pretty sure I can implement a strategy to leverage the KMS infrastructure. However, I see no way to bring that into Hydra, even if I’d like to manually bootstrap Hydra and not use the precompiled version.
Specifically, I’ve implemented a signing method to leverage the IAM API on GCP (see: https://github.com/someone1/gcp-jwt-go) and want to use that instead of passing in a secret for Hydra to use for encryption/signing. GCP also handles things like key rotation automatically and I think I can also utilize Cloud Endpoints if JWT tokens are generated using this method.
Is this within the scope of Hydra, or am I better off implementing the strategy for fosite and the corresponding /auth, /token, etc. handlers myself? Can I inject my own fosite implementation into the hydra/oauth2 package and be on my way, knowing I won’t need the additional features of Hydra?
I’d appreciate any guidance on this. I think I can leverage parts of Hydra using custom configurations, like for the oauth2 parts, but I’m perfectly fine utilizing the normal Hydra bootstrapping for the remainder of how the server runs.