Session cookie to tokens

I am trying to set up/write an Ouath2 server with MySQL backend.

The client will be an existing mobile app that already has a user / resource owner logged in and their session id stored in a cookie. The session I am referring to belongs to a different system with a separate database to which I have access.

The idea is that the app could pass the existing session id to the authentication server which would need to check to which user the session belongs and then generate tokens. Does this mean that a Resource Owner Password Credentials Grant is necessary? As I understand, Hydra doesn’t support it - is there an alternative to that? It is important that tokens can be generated for existing sessions without user authorization.

Would such implementation be possible using Hydra?

Currently I’m trying to create a server using Fosite but I am not sure how to add my own handler that would check session ids. Also, not sure how to add MySQL store.

I am pretty new to Oauth2 and Go - any help would be appreciated.

If you think about sending passwords around, you don’t need OAuth2. Instead, I’d recommend checking out something like

Passing sessions/passwords to the OAuth2 server would be a temporary solution. The reason I would like to have an Oauth2 server is that eventually resource owner grant would be abandoned.

There are no temporary solutions in OAuth2 - you either implement it correctly or not at all :wink: OAuth2 and OpenID Connect are for very specific use cases, I don’t think you’re trying to solve on of those which is why I recommend other technology.