<@U04UQ68083H> I am using oathkeeper to protect ou...
# ory-copilot
f
@chilly-king-10285 I am using oathkeeper to protect our web api already. So far clients can only use the browser login flow. I now want to also enable the native flow for native applications. In the native flow, I get the session token, instead of the cookie session. How am I supposed to use this token (i.e., how to set it on the HTTP request) such that oathkeeper can authenticate and authorize my request? Do I need to adjust oathkeeper configuration?
c
A message from kapa.ai
Yes, you will need to adjust the Ory Oathkeeper configuration to authenticate and authorize requests from native applications using the session token. In the native application flow, Ory issues a session token upon successful login. This token should be used to authenticate subsequent requests to Ory. However, the exact method of setting this token on the HTTP request is not specified in the provided knowledge sources.

The Ory Oathkeeper configuration can be defined globally as well as per Access Rule. The configuration from the Access Rule overrides values from the global configuration. You can define several configuration options for Ory Oathkeeper such as the port for the proxy and where to load the access rules from.

For example, you can enable the Cookie Session Authenticator and point it to Ory Kratos' `/sessions/whoami` API. It uses the `ory_kratos_session` cookie to identify if a request contains a session or not. You can also enable the Anonymous Authenticator for endpoints that don't need login. Here is an example of how you might configure the Ory Oathkeeper:
```yaml
authenticators:
  cookie_session:
    enabled: true
    config:
      check_session_url: http://kratos:4433/sessions/whoami
      preserve_path: true
      extra_from: "@this"
      subject_from: "identity.id"
      only:
        - ory_kratos_session
```
Please note that the exact configuration will depend on your specific use case and requirements. For more detailed information, please refer to the [Ory Oathkeeper documentation](https://www.ory.sh/docs/oathkeeper/).

Sources:
- [Ory Oathkeeper: Identity and Access Proxy](https://www.ory.sh/docs/kratos/guides/zero-trust-iap-proxy-identity-access-proxy#ory-oathkeeper-identity-and-access-proxy)
- [Handler Configuration](https://www.ory.sh/docs/oathkeeper/api-access-rules#handler-configuration)
- [Native Application](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#native-application)