<@U04UQ68083H> Is there a way to implement a black...
# ory-copilot
m
@chilly-king-10285 Is there a way to implement a blacklist in Kratos? Specifically, I'm looking to block certain users from obtaining a session token when using the API. Any guidance would be appreciated!
b
A message from kapa.ai
I'm sorry, but the provided knowledge sources do not contain information on implementing a blacklist in Kratos or blocking certain users from obtaining a session token when using the API. However, Kratos does provide various methods for managing sessions, such as disabling a specific session or all other sessions of a user. For example, you can disable a specific session by calling the `DELETE /sessions/{id}` endpoint. This invalidates the specified session, but the current session cannot be revoked and session data are not deleted. You need to provide the session's ID in the URL and optionally set the Session Token or the Cookie Header when calling from non-browser clients or server-side applications, respectively.

```plaintext
DELETE /sessions/{id}
```

Parameters:
- `id` (url, string, required): ID is the session's ID.
- `X-Session-Token` (header, string, optional): Set the Session Token when calling from non-browser clients. A session token has a format of `MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj`.
- `Cookie` (header, string, optional): Set the Cookie Header. This is especially useful when calling this endpoint from a server-side application. In that scenario you must include the HTTP Cookie Header which originally was included in the request to your server. An example of a session in the HTTP Cookie Header is: `ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==`. It is ok if more than one cookie is included here as all other cookies will be ignored.

For more detailed information, please refer to the [Kratos API Reference](https://www.ory.sh/docs/kratos/reference/api).
i
There are different web hooks you can use to control the behavior and implement the desired functionality: https://www.ory.sh/docs/kratos/reference/configuration
m
Thank you
@chilly-king-10285 is there a hook before refreshing a session?
b
A message from kapa.ai
Based on the provided knowledge sources, there is no explicit mention of a hook that triggers before a session refresh in Ory Kratos. Hooks in Ory Kratos are typically used to trigger actions before events such as user login, registration, triggering account recovery or verification, and updating account settings. However, you can use Ory Actions to add additional security checks when users initiate login, registration, account recovery or verification, and settings update flows. For example, you can create logic that checks the IP address of the user to ensure that the request is coming from a trusted location or to verify that the user's email address is associated with a valid domain. For more detailed information about hooks and actions in Ory Kratos, please refer to the [Hook Documentation](https://www.ory.sh/docs/kratos/hooks/configure-hooks) and the [Actions in Ory Identities](https://www.ory.sh/docs/kratos/hooks/configure-hooks#actions-triggered-before-events) section.
m
@chilly-king-10285 how to refresh a session using api?
b
A message from kapa.ai
To refresh a session using the API in Ory Kratos, you can use the `extendSession` method from the SDK. Here are examples in Go and TypeScript:

Go:

```go
package session

import (
	"context"
	"fmt"
	"os"

	client "github.com/ory/client-go"
)

// Package-level API client, initialised in init().
var ory *client.APIClient

func init() {
	cfg := client.NewConfiguration()
	cfg.Servers = client.ServerConfigurations{
		{URL: fmt.Sprintf("https://%s.projects.oryapis.com", os.Getenv("ORY_PROJECT_SLUG"))},
	}

	ory = client.NewAPIClient(cfg)
}

// ContextWithToken was not defined in the original snippet; this version
// assumes the access token is supplied in ORY_ACCESS_TOKEN, as in the
// TypeScript example.
func ContextWithToken(ctx context.Context) context.Context {
	return context.WithValue(ctx, client.ContextAccessToken, os.Getenv("ORY_ACCESS_TOKEN"))
}

// RefreshSession extends the session with the given ID.
func RefreshSession(ctx context.Context, sessionId string) (session *client.Session, err error) {
	session, _, err = ory.IdentityApi.ExtendSession(ContextWithToken(ctx), sessionId).
		Execute()

	if err != nil {
		return nil, err
	}

	return session, err
}
```

TypeScript:

```typescript
import { Configuration, IdentityApi } from "@ory/client"

const identity = new IdentityApi(
  new Configuration({
    basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
    accessToken: `${process.env.ORY_ACCESS_TOKEN}`,
  }),
)

// Extend the session with the given ID.
export async function refreshSession(sessionId: string) {
  return await identity.extendSession({
    id: sessionId,
  })
}
```

To get the Session ID, call the `/sessions/whoami` endpoint or `toSession` SDK method. Please note that the `extendSession` method is part of the Ory Identities API and is used to extend a session. If `session.earliest_possible_extend` is set, it will only extend the session after the specified time has passed. This endpoint returns a 204 No Content response on success. Older Ory Network projects may return a 200 OK response with the session in the body. Returning the session as part of the response will be deprecated in the future and should not be relied upon ([source](https://www.ory.sh/docs/kratos/reference/api)). For more information, please refer to the [Ory Kratos Session Management Documentation](https://www.ory.sh/docs/kratos/session-management/refresh-extend-sessions#refreshing-sessions-as-administrator).
m
@chilly-king-10285 Can the mobile app call any refresh API to extend the duration of their session token? Using API
b
A message from kapa.ai
Yes, a mobile app can call the `extendSession` API to extend the duration of a session. This can be done by making a `PATCH` request to the `/admin/sessions/{id}/extend` endpoint, where `{id}` is the ID of the session you want to extend. Here is an example of how you can do this in TypeScript:

```typescript
import { Configuration, IdentityApi } from "@ory/client"

const identity = new IdentityApi(
  new Configuration({
    basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
    accessToken: `${process.env.ORY_ACCESS_TOKEN}`,
  }),
)

// Extend the session with the given ID.
export async function refreshSession(sessionId: string) {
  return await identity.extendSession({
    id: sessionId,
  })
}
```

In this example, `ORY_PROJECT_SLUG` is the slug of your Ory project and `ORY_ACCESS_TOKEN` is your access token. `sessionId` is the ID of the session you want to extend. Please note that this endpoint returns a 204 No Content response on success. If the session does not exist or if consecutive requests are made to extend the same session, a 404 error is returned. For more information, please refer to the [Ory Kratos API Reference](https://www.ory.sh/docs/kratos/reference/api).