My web application consists of several services. Service can call other service inside cluster. In this case it gets token from hydra using client_credentials flow. Callee service checks token and scopes. Also when users of my application login, I use hydra to perform oauth2 Authorization Code Grant flow. In the end hydra issues token to web client. Everything work ok right now.
Now I want to provide API access to users. So users need to somehow authorize to api. Oauth2 seems too complex for developer who just wants to make several api calls, so I choose api_key approach. User can generate api key in my app and then use it to make api calls. It never expires, user can revoke it.
One approach to do this with hydra is to generate hydra client per user and use oauth flow to issue access_token, but I want api_keys to never expire, and I don’t want developers to deal with refresh_tokens. So I decided to implement and store api_keys myself. When request with api keys arrives to cluster, I want to exchange it to hydra token(I use jwt right now), so all services will not deal with several auth approaches(api_key and hydra token).
Is it possible to achieve this? I mean generate hydra token with subject I want(user Id that corresponds to this api_key). Or maybe I totally miss the point and should use other approach?