First-Party Viability

Hello,

I apologize if this is more of a general OAuth2 related question.

My current project is to set up an OAuth2 system using Hydra, but it will initially only be used for first-party apps. Is there anyone in this community who has done this? Is using Hydra with first-party apps viable?

So far I am very impressed with Hydra, and I think it provides a very robust service that also allows for quite a lot of customization. But during my work, I can’t help but feel like there are cases where using only OAuth2 tokens would create issues, because it can’t always take details from the Identity Provider into consideration. For example, from looking at the documents, it seems like an issue could arise when a user updates their password in the following case:

If the user is logged in and changes their password from inside the application, there is no way to invalidate other sessions tied to that user.

This may be a lack of understanding on my part, but is it common to tie OAuth2 access tokens to a local session system in order to provide more granular control over a user’s session? Or do the OAuth2 specifications provide all the control you need? How are people using Hydra handling this?

My current view of OAuth2 is to mainly be a method for authenticating a user via a third party system without having to gain access to that user’s credentials, but I have talked to others who say it is a viable first-party authentication system.

I would really appreciate any insight from the community!

Thank you
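The failure mode described in the post above (a password change that cannot reach sessions represented only by already-issued access tokens) is usually mitigated on the resource-server side by comparing a token's issue time with the user's last credential change. The following is an added example written for this thread, not code from the poster or from ORY Hydra; the HS256 signing helper, the `USERS` directory and the `password_changed_at` field are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed signing key for this example only; a real deployment would
# use the authorization server's keys and a JWT/JWS library.
SECRET = b"constructed-demo-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(sub: str, iat: int, ttl: int = 3600) -> str:
    """Mint a minimal HS256 JWT with sub/iat/exp claims (constructed issuer)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "iat": iat, "exp": iat + ttl}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(payload).encode())}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token: str, now: int):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    claims = json.loads(_b64url_decode(p))
    if claims["exp"] <= now:
        return None
    return claims


# Constructed user directory: the only extra state the resource server needs
# is the timestamp of the last credential change per subject.
USERS = {"alice": {"password_changed_at": 1_700_000_000}}


def authorize(token: str, now: int, users=USERS) -> str:
    """Decide whether a bearer token may be honoured at time `now`."""
    claims = verify_token(token, now)
    if claims is None:
        return "reject: invalid or expired token"
    user = users.get(claims["sub"])
    if user is None:
        return "reject: unknown subject"
    # Any token minted at or before the credential change belongs to a session
    # that predates it; `<=` treats the boundary second conservatively.
    if claims["iat"] <= user["password_changed_at"]:
        return "reject: issued before credential change"
    return "allow"


def demo() -> dict:
    """Exercise the check with a stale, a fresh, an expired and a tampered token."""
    changed_at = USERS["alice"]["password_changed_at"]
    now = changed_at + 10
    stale = issue_token("alice", changed_at - 100)  # session from before the change
    fresh = issue_token("alice", changed_at + 5)    # re-login after the change
    h, p, s = fresh.split(".")
    tampered = f"{h}.{p}.{('B' if s[0] != 'B' else 'C')}{s[1:]}"  # corrupt the signature
    return {
        "stale": authorize(stale, now),
        "fresh": authorize(fresh, now),
        "expired": authorize(fresh, changed_at + 5 + 3600),
        "tampered": authorize(tampered, now),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The check only works for tokens the resource server validates itself (or via introspection that exposes `iat`), and it still leaves a token usable until the password change is recorded; short token lifetimes keep that window small. It approximates, rather than replaces, the per-session control a dedicated session system gives you.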

Hey there, glad to see you enjoy the stack! First of all, I think what you’re looking for is ORY Kratos because it solves everything you said you need 🙂

OAuth2 and OpenID Connect are delegation protocols, meaning they specify how third parties can access your users’ data. For most first-party use, OAuth2 and OpenID Connect are not the right tools unless you have a ton of ways people interact with your system (e.g. Smart TV, CLIs, …).

Also, check out this: https://www.ory.sh/hydra/docs/concepts/before-oauth2

Hello,

Thank you for all the hard work.

I see. I thought that was probably the case. Kratos looks very interesting. I will look into it this weekend.

Thank you for that link. I didn’t see it when I first started working with Hydra a few months ago. I feel like it sums up the feelings I had! Thank you for writing that. It makes it easy to convey!

Thank you

1 Like