I am trying to set up/write an Ouath2 server with MySQL backend.
The client will be an existing mobile app that already has a user / resource owner logged in and their session id stored in a cookie. The session I am referring to belongs to a different system with a separate database to which I have access.
The idea is that the app could pass the existing session id to the authentication server which would need to check to which user the session belongs and then generate tokens. Does this mean that a Resource Owner Password Credentials Grant is necessary? As I understand, Hydra doesn’t support it - is there an alternative to that? It is important that tokens can be generated for existing sessions without user authorization.
Would such implementation be possible using Hydra?
Currently I’m trying to create a server using Fosite but I am not sure how to add my own handler that would check session ids. Also, not sure how to add MySQL store.
I am pretty new to Oauth2 and Go - any help would be appreciated.