Get access token without going through auth flow

Is it possible to get an access token for a specified subject + scopes without requiring the auth flow using the admin API(or some other API if possible)?

We’re trying to integrate Hydra with our existing infrastructure and need to provide a b/w compatible way to login. It’s very clunky to simulate user oauth2 flow.

Thank you!

Hello, I have exactly the same question. Anyone have any news or information to share?

Thanks very much!


Not possible at the moment!

Thanks! Any particular technical reason for that, or is it just not implemented yet?

I’m evaluating whether Hydra would be a good solution for my use case. If I have a user who’s already logged in to our first-party Web app, I want him to be able to generate an access token so that he can make API calls. Hydra seems to do 99% of what we want/need, but it’s lacking a simple way to generate tokens for first-party apps (unless I’m missing something). Any thoughts or recommendations?

Thanks again!

It’s really convoluted but you can provide your own service that fakes the auth flow and grab a token for you.

Presumably, you are providing your own idp anyways, so this shouldn’t be too difficult.

It’s just rather terrible, slow and has many potential failure points.

Is it difficult to implement? Would it be worth it to encourage a contribution for this?

Yes, that’s what I’ve been working on for the past few hours, and it is indeed quite complicated (especially for someone who’s learning the OAuth protocol and Hydra at the same time).

Perhaps I’m just trying too hard to fit a square peg in a round hole; maybe Hydra isn’t intended for my use case.

It’s just surprising to me that there’s no REST endpoint in the admin API to create a token directly. Is there a technical reason for that (security hole for instance)?

It can’t really be a security problem as you can simulate the auth flow anyways when you have client id/secret/idp implementation anyways.

For me, it would be incredibly useful!