Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello! I'm currently using Ory Kratos and Ory Hydra. I implemented the native way (using API endpoints instead of browser) to authenticate in mobile using kratos. But I don't like to use the Cookie as my session. Is there a way to use the OpenID to generate tokens(access, refresh) in kratos? I don't like to use the OAuth as well in native since it needs to open up a browser which kind of not native way to do it. Is there some kind of documentation for this? Thank you.

Hello <@U039P4XNES2>
You can use Ory Oathkeeper with a mutator to transform the Kratos Session Cookie into a JWT: <https://www.ory.sh/docs/oathkeeper/pipeline/mutator>

There is no way to use OpenIDConnect “without OAuth2/browser” AFAIK

Just got to see the docs and tried implementing it. But I can't find where this specific case is documented or possible. What I am trying to achieve is something that the mobile app will be using as a session token (JWT token that can be verified through JWKS).  And usually mobile sessions are short live and needs to be refreshed from time to time. I'm guessing Ory does not support this kind of scenario?