Hello all, I cannot find and example how to configure oathkeeper to authenticate kratos session token (https://www.ory.sh/docs/kratos/session-management/overview#using-ory-session-token). I will be grateful for any hints, thank you!

Hello @kind-receptionist-82950, AFAIK you should add mutator to your oathkeeper.yml file

mutators:
  noop:
    enabled: true
  header:
    enabled: true
    config:
      headers:
        X-User-Id: '{{ print .Subject }}'
        X-User-Extra: '{{ print .Extra.traits }}'
  id_token:
    enabled: true
    config:
      issuer_url: <http://localhost:3000/>
      jwks_url: file://./id_token.jwks.json
      claims: |
        {
          "session": {{ .Extra | toJson }}
        }

I am not dealing with JWT tokens here, mutator happens AFTER the athentication phase.

You have to use the cookie Session authenticator for this: https://www.ory.sh/docs/oathkeeper/pipeline/authn#cookie_session and forward the cookie issued by kratos to it's whoami endpoint.

@icy-manchester-83109 cooke_session authenticator does not work, hence the question. We solved it with bearer authenticator, but I would like to double check if that is the proper way.