Get session status from the sid with Ory Hydra

[javid-gulamaliyev]

Hello! I am using Ory Hydra with OAuth and OICD setup and a custom Identity provider application.

My question is, is it possible to check the Hydra session status based on sid? I know that one can introspect a token, however with multiple clients setup the Identity provider doesn't have access to these tokens. One could communicate these back from the individual clients, but that is difficult to scale as more and more clients are added. Since session revocation doesn't revoke tokens either, there is more complexity added in having to revoke tokens.

Being able to query whether a session is active based on the sid would solve this.

Alternatively, is there a way to "hook in" some custom behaviour that can happen before or after the client redirect (like communicating the token to the Identity provider)?

Thank you!

[vinckr]

Hey @javid-gulamaliyev
AFAICT there is no out-of-the-box way to do this.
There is probably a way (requires custom code and deep understanding of OAuth2 though).

Much easier would be to not use OAuth2 in a first-party scenario, but rather a solution like Ory Kratos. Session and user management is much easier if you dont use the OAuth2 "way" (which makes sense since its not designed for that use case)