Just want to know,how to use access token with Hydra

[leapit]

I managed to setup ORY Hydra in a docker container and tests show that it is working fine,finally got the access token,just want to know how to use this access token with my resource server for API access.

I think before client send access token (bearer) to resource server for API,Hydra should validate the access token authorized.

Any doc or examples for this? @aeneasr

[Benehiko]

Hi @leapit

I believe these are the docs you are looking for: https://www.ory.sh/hydra/docs/guides/oauth2-token-introspection
You can check against the Hydra introspection endpoint on your resource server through a middleware or by using Oathkeeper's oauth2 introspection handler. https://www.ory.sh/oathkeeper/docs/pipeline/authn#oauth2_introspection

[leapit]

@Benehiko thanks, when i check the doc https://www.ory.sh/hydra/docs/guides/oauth2-token-introspection,the node example use

http://ory-hydra/oauth2/introspect

is this ory-hydra means 4445 admin port?

because the following curl use http://localhost:4445/oauth2/introspect

why not use the same address,a little strange.

[vinckr]

Yes ory-hydra means the admin port here.

It is expected that this endpoint is not made publicly available to developers. End-user clients should not be allowed to use this endpoint since the response may contain privileged information that developers should not have access to.

Would you be open to make a small change in the docs here 🙏 ?

[leapit]

@vinckr thanks your reply,and I created a PR for this #2751