To generate a JSON Web Token (JWT) from a cookie in Ory, you can use the Ory Proxy or the Ory Session to JWT feature. Here are the steps: 1. Using Ory Proxy: Ory Proxy can translate known Ory credentials, such as Ory Session Cookies, to JSON Web Tokens. When a user calls Ory Proxy with a valid Ory Session Cookie, Ory Proxy resolves the session and converts it to a JSON Web Token. The token is then included in the

Authorization

HTTP header of the request made to the application behind Ory Proxy. Here is an example of how to call Ory Proxy with a valid Ory Session Cookie:

bash GET /some-path   Host: localhost:4000   Cookie: ory_session_jollyproskuriakovaxe98qw5t8g=MTYyNzU1OTgyNHxEdi1CQkFF... User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36   ...

2. Using Ory Session to JWT: You can convert Ory Sessions to JSON Web Tokens (JWTs) by making a GET request to the

/sessions/whoami

endpoint with the

tokenize_as

query parameter set to a valid, configured Ory Session token template. Here is an example of how to do this:

bash curl -X GET \    -H "Cookie: ory_session...=..." \    "https://{project.slug}.<http://projects.oryapis.com/sessions/whoami?tokenize_as=jwt_example_template1|projects.oryapis.com/sessions/whoami?tokenize_as=jwt_example_template1>"

In both cases, it's recommended to validate the JWT using Ory Proxy's public key, which is available at

/.ory/proxy/jwks.json

. For more details, you can refer to the [Ory documentation](https://www.ory.sh/docs/identities/session-to-jwt-cors).

To obtain an Ory session and then convert it to a JWT using a cookie obtained from a browser, you can follow these steps: 1. Get the Ory Session: Send a request to the

/sessions/whoami

endpoint with the cookie. Here is an example of how to do this using cURL:

bash curl 'https://{project.slug}.<http://projects.oryapis.com/sessions/whoami|projects.oryapis.com/sessions/whoami>' \    -H 'Accept: application/json' \    -H 'Cookie: ory_kratos_session=YOUR_COOKIE_VALUE'

Replace

YOUR_COOKIE_VALUE

with the actual cookie value you obtained from the browser. 2. Convert the Ory Session to a JWT: To convert the Ory Session to a JWT, you can add the

tokenize_as

query parameter to the

/sessions/whoami

endpoint. The value of this parameter has to be a valid, configured Ory Session token template. Here is an example:

bash curl -X GET \    -H "Cookie: ory_session...=..." \    "https://{project.slug}.<http://projects.oryapis.com/sessions/whoami?tokenize_as=jwt_example_template1|projects.oryapis.com/sessions/whoami?tokenize_as=jwt_example_template1>"

Replace

ory_session...=...

with your actual session cookie. For more details, you can refer to the [Ory documentation](https://www.ory.sh/docs/identities/session-to-jwt-cors).

Sure, here is a proper cURL command to get the Ory Session and convert it to a JWT:

bash curl -X GET \  -H "Cookie: ory_kratos_session=YOUR_COOKIE_VALUE" \  "<https://your-project-slug.projects.oryapis.com/sessions/whoami?tokenize_as=jwt_example_template1>"

Please replace

YOUR_COOKIE_VALUE

with the actual cookie value you obtained from the browser, and replace

your-project-slug

with your actual project slug. Also, replace

jwt_example_template1

with the name of your configured Ory Session token template. This command sends a GET request to the

/sessions/whoami

endpoint with the

tokenize_as

query parameter set to a valid, configured Ory Session token template. The cookie is included in the request headers. The server will respond with a JWT if the session is valid.