Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello, I am self hosting Oathkeeper and Kratos for a Mobile App project.
I am using the API endpoints for Kratos and thus get an Ory session token when logging in that looks like this `ory_st_7ek8qeAbffehkb9dGFoz1dWNZeVQuatd` .

I am having trouble finding any documentation on how to setup my access rule to verify the session token.
I can see bearer_token and cookie_session but it does not seem to be what I need.
Which authenticator should I use ?

It was in fact `bearer_token` that I had to used.
I struggled for a long time because I was very unsure it was the way to go and I had to specify `token_from`  and `forward_http_headers` .

Here is how my authorization looks like now that it works:
```bearer_token:
                  enabled: true
                  config:
                      check_session_url: <http://kratos-public:80/sessions/whoami>
                      token_from:
                        header: X-Session-Token
                      preserve_path: true
                      extra_from: "@this"
                      subject_from: "identity.id"
                      forward_http_headers:
                        - X-Session-Token```