<@U04UQ68083H> How do I verify a JWT token using t...
# ory-copilot
@chilly-king-10285 How do I verify a JWT token using the Ory APIs?
A message from kapa.ai
To verify a JSON Web Token (JWT) using the Ory APIs, you need to follow these steps:

1. First, you need to obtain the JWT. This can be done by making a GET request to the `/sessions/whoami` endpoint with the `tokenize_as` parameter set to your desired template. You need to include the session cookie in the request header. The response will include the tokenized JWT.

```bash
curl -X GET \
    -H "Cookie: ory_session...=..." \
    "https://{project.slug}.projects.oryapis.com/sessions/whoami?tokenize_as=jwt_example_template1"
```
2. To verify the JWT, you need to export the public key from the JSON Web Key Set (JWKS). This can be done using the `ory get jwk` command with the `--public` flag and the `--project` flag set to your project ID. The output should be redirected to a JSON file.

```bash
ory get jwk some-example-set \
    --public \
    --project {project.id} --format json-pretty \
    > es256-public.jwks.json
```
3. You can then use this public key to verify the JWT. This can be done using a JWT library, such as `node-jwks-rsa`. Point the library to the JWKS endpoint of your Ory project.

```
http://{project.slug}.projects.oryapis.com/.well-known/jwks.json
```
Remember, to perform these operations, you must be authenticated by means of the `oryAccessToken` method. For more details, see the [API documentation](https://www.ory.sh/docs/reference/api#tag/frontend/operation/toSession) and the [documentation on JWT validation](https://www.ory.sh/docs/oauth2-oidc/jwt-access-token#json-web-token-validation).

Please note that these are general instructions and you may need to adjust them based on your specific setup and requirements.