Support of custom grant types

avasenin · November 24, 2020, 12:18pm

Is it any way how I can extend Hydra to support completely custom grant types?

I know ROPC is not supported, but my question about completely custom grant types and the way how we can provide my custom implementation to hydra (similar to consent app for UI).

For example we have a use case when we want to do a token exchange with legacy systems and authenticate it. One of the legacy system uses opaque tokens and we trust them and want to do token exchange to Hydra token to be compatible. Ideally will be to have custom grant for /token endpoint which accepts the legacy token, do all checks and returns hydra token.

hackerman · November 24, 2020, 4:01pm

Unfortunately not, ORY Hydra is built to support state of the art OAuth2 and OIDC flows - any bespoke legacy or custom integrations need to be handled otherwise!

avasenin · November 24, 2020, 5:14pm

Any advice how we can handle such cases?

In fact we are looking something similar to token exchange (RFC 8693) but with ability to decide should we allow the token for exchange or nope from sided application (e.g. consent app).

hackerman · November 24, 2020, 6:14pm

We could generally add token exchange to fosite (the oauth2 framework hydra uses) but it is currently not implemented. We do welcome contributions though towards this feature but I just want to caution that it will most likely take a lot of time in terms of implementation!