Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

_*Context:*_
===
When a user signs in to my site, they get authenticated through kratos and a session cookie is set.
The issue is, I want my website's session to be synced with the chrome extension for the site.
(An example of this would be that when you sign in to <http://grammarly.com|grammarly.com>, the extension also recognizes that you're signed in. So you don't have to sign in through two places)
Of course, Kratos's cookies are HttpOnly but my extension could still grab the cookie through chrome.cookies.
Then the extension forwards the cookie to my api server.

_*Question:*_
===
_How does my api server confirm that a session cookie is valid?_
_Would it be through ory/client-java? Or is that only for self hosted ory instances?_
_If so, how do I validate a cookie on the ory network?_