Hi Folks,
I am playing along with hydra and the Auhtorization Code Flow with PKCE. Right now I would like to add to this puzzles the Oathkeeper, as it seems the best option for my purpose: however, I cannot see anything in the guide about it, nor the flow without PKCE. I would like to use the hydra combined with oathkeeper for native app and for web. Any guidance on this side?
Thanks a lot!
Artur
PS. Great stuff fro ORY!
Hi there, Oathkeeper doesn’t consume OAuth2 tokens, it’s just able to verify them which is why you won’t find anything about PKCE there 
Creating the ‘routings’, with noop to the authorization server, the hydra, should be sufficient to provide the access token to the client. Then, the client could, with access token call the ./my-data - it will be verified by oathkeeper, accordingly to the handlers. Am i right in this?
Thanks a lot!
I think so, if I understood you correctly
@hackerman and one more thing - is it possible to have 1 instance of the hydra for both, the jwt and opaque tokens for different clients?
No!