I start working with Hydra, and then I realize that we don’t need the consent phase since all Hydra clients will be our platforms.
can I trust at least a whitelist of clients to skip/automate the “consent” phase in the authentication process?
also, I have a question about the first step in the flow: the OAuth 2.0 Client initializes the Authorize Code Flow, and then craft a URL of ORY Hydra to redirect the user to it, and that URL is:
This redirection happens always and regardless of whether the user has a valid login session or if the user needs to authenticate
then talks with Login Provider and depends on what it replay.
my question is: since the redirection always happens, why I need to redirect the user to ORY Hydra instead of talking to the Login Provider in a directed way? moreover, if I redirect the user from OAuth2.0 client to a static page that talks to the Login Provider directly, does something like this will affect Hydra?