# ory-copilot
@chilly-king-10285 Do you know if there is an API route to know the authentication method used by the user for his current active Kratos session?
A message from kapa.ai
Yes, there is an API route to check who the current HTTP session belongs to, which can provide information about the authentication methods used by the user for their current active session. You can use the "Check Who the Current HTTP Session Belongs To" endpoint in Ory Kratos. The response of this endpoint includes an `authentication_methods` field, which is an array of objects containing the authentication methods used by the user during the session. Each object in the array has a `method` field that indicates the specific authentication method used, such as `password`, `oidc`, `totp`, `webauthn`, or `lookup_secret`. Here's the API route for this endpoint:

```
GET /sessions/whoami
```

You can find more information about this endpoint in the [Ory Kratos API Reference](https://www.ory.sh/docs/kratos/reference/api#check-who-the-current-http-session-belongs-to). Remember to include one of the following headers in your request to authenticate the user:

- `Cookie` HTTP header containing an Ory Kratos Session Cookie
- `Authorization: bearer <ory-session-token>` HTTP header with a valid Ory Kratos Session Token
- `X-Session-Token` HTTP header with a valid Ory Kratos Session Token
@chilly-king-10285 Is there any solution to know which provider has been used if it's OIDC?
A message from kapa.ai
Yes, you can determine which OIDC provider was used by examining the user's identity data. When a user logs in using an OIDC provider, the provider's information is stored in the user's identity traits. To retrieve the user's identity, you can use the "Get an Identity" API endpoint in Ory Kratos:

```
GET /identities/{id}
```

Replace `{id}` with the user's identity ID, which you can obtain from the session information. In the response, you will find the `traits` field, which contains the user's identity traits. If the user has logged in using an OIDC provider, you should see a field like `oidc` or `oauth2` within the `traits` object. Inside this field, you will find information about the OIDC provider, such as the provider's name or issuer. For example, if the user logged in using Google as an OIDC provider, you might see something like this in the `traits` field:

```json
{
  "oidc": {
    "google": {
      "issuer": "https://accounts.google.com",
      "subject": "1234567890",
      "profile": {
        "email": "user@example.com",
        "name": "John Doe"
      }
    }
  }
}
```

In this example, you can see that the user logged in using Google as their OIDC provider. You can find more information about the "Get an Identity" API endpoint in the [Ory Kratos API Reference](https://www.ory.sh/docs/kratos/reference/api#get-an-identity).
@chilly-king-10285 But you can't know which OIDC has been used for the current session? What you are sharing is just the associated SSO of the identity.
A message from kapa.ai
New message text here