When working locally, how can I ping an external endpoint (i.e. Azure API Manager) and have my Ory session cookies sent in the request? I appreciate everything needs to be on the same domain, but I can’t seem to get it working. I’m assuming this is a common use case, so I’m missing something. Not sure if I need to set up additional proxies for my external services?

Hi @bitter-city-92566 As you have rightfully mentioned, you need to have everything run under the same domain. What is your current setup like and how exactly do you want to call the external service? If you are testing out a local application against Ory Cloud, you will need the

ory proxy/tunnel

Hi @proud-plumber-24205 - I’m putting a proof of concept for a micro-service project together. I have a project running locally against Ory Cloud and am using Ory tunnel for localhost - once authenticated (which I can do) I’d like to make a request to my test Azure API Manger. Essentially the api layer may not be running locally, but will need to run the UI on localhost for development. As an aside, I wondered if getting a JWT from the Ory Proxy would be an option, but Ory Cloud / Proxy doesn’t seem to return one. UI is React - services are in Go, hosted in Azure containers behind an Azure API Management layer.

You can convert the cookie to a JWT with your own application or with Ory Proxy or with Ory Oathkeeper. Just beware that we will deprecate the

Ory proxy

and instead keep the

Ory tunnel

as the only option in future. I'm wondering how does the Azure API manager get protected from unauthorized requests? Can it extract the cookie / JWT from the header and verify it for you? Or do you need to setup a decision proxy?

@proud-plumber-24205 I have a API Manager policy in place to call the Ory

whoami

endpoint for session validation - not sure if this is idiomatic, but felt it was suitable for my proof of concept. The Ory localhost session cookies are not available to me though as I’m calling a different domain (you can’t run the api - or micro-service layer on localhost). I’m assuming I’m not the first to have this issue - perhaps I need a better local proxy solution. I was hoping mine was a common use case and there may be a document solution?

I see, basically your local environment needs to interface with two remote resources: 1. Ory Cloud 2. Azure API Manager And Azure contacts Ory Cloud to validate the session, so it is also your decision proxy. I haven't come across this scenario in the community yet. Also the

ory tunnel

was developed in response to mirroring the Ory Cloud APIs for your local environment - assuming that all required software would also be localhost. The only way around this would be to intercept the call from your React UI to Azure and rewrite the cookies back to your domain (basically what

ory proxy / tunnel

does)

Thanks @proud-plumber-24205 - I appreciate you taking the time to review and get back to me. I’ll keep an eye on the issue with interest. Meanwhile, I’ll continue my research.

@bitter-city-92566 could you please comment on the issue on GitHub so that you see any updates to the issue there? 🙂 Thank you!

@high-optician-2097 shall do - regarding the domain, I added a custom domain in the hope I’d be able to map my local host file to the same root domain, but no joy.

I see, let’s continue the conversation on github 🙂