v25.4.9

Optionally Discard Skipped Consents

When enabled, the new feature_flags.discard_skipped_consents configuration option instructs Hydra not to store the full consent (SQL table hydra_oauth2_flow). Instead, only an identifier is stored for a short period of time to prevent reuse attacks. Consent can be skipped by default for trusted OAuth2 clients by setting skip_consent to true on those clients. Otherwise, only consents that were already granted are skipped.
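The reuse protection described above, sketched as an added Go example; it is not Hydra's code. The names UsedFlowStore and Consume, the flow IDs and the 5-minute lifetime are assumptions made for illustration: only the identifier and its expiry are kept, a second presentation of the same identifier is rejected, and the marker can be dropped once the flow would be too old to be accepted anyway.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

var (
	ErrExpired  = errors.New("flow expired")
	ErrReplayed = errors.New("flow identifier already used")
)

// UsedFlowStore (hypothetical) holds no consent data, only used IDs and when to forget them.
type UsedFlowStore struct {
	mu   sync.Mutex
	ttl  time.Duration        // how long a flow identifier stays acceptable
	seen map[string]time.Time // flow ID -> time the marker may be dropped
}

func NewUsedFlowStore(ttl time.Duration) *UsedFlowStore {
	return &UsedFlowStore{ttl: ttl, seen: map[string]time.Time{}}
}

// Consume accepts id once. issuedAt is assumed to come from an authenticated
// source (for example a signed flow token), never from the raw request.
func (s *UsedFlowStore) Consume(id string, issuedAt, now time.Time) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	for k, exp := range s.seen { // forget markers of flows that have expired anyway
		if !now.Before(exp) {
			delete(s.seen, k)
		}
	}
	expiry := issuedAt.Add(s.ttl)
	if !now.Before(expiry) {
		return ErrExpired // too old: rejected without needing a marker
	}
	if _, used := s.seen[id]; used {
		return ErrReplayed
	}
	s.seen[id] = expiry
	return nil
}

func main() { // assumed 5-minute lifetime, constructed clock and flow ID
	s, t0 := NewUsedFlowStore(5*time.Minute), time.Date(2025, 1, 1, 12, 0, 0, 0, time.UTC)
	fmt.Println(s.Consume("flow-1", t0, t0), s.Consume("flow-1", t0, t0.Add(time.Minute)))
}
```

The marker lifetime must be at least as long as the window in which the identifier would otherwise be accepted; a shorter one reopens the replay window.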

Limitations

When this feature is enabled, OAuth2 client front- and back-channel logouts no longer work.

Example

feature_flags:
  discard_skipped_consents: true