<@U04UQ68083H> How do I configure the Insomnia API...
# ory-copilot
@chilly-king-10285 How do I configure the Insomnia API testing app to use Ory Sessions?
A message from kapa.ai
I don't see specific information about configuring Insomnia API testing app with Ory Sessions in the provided knowledge sources. However, I can provide general guidance on how to work with Ory Sessions in API testing based on the available information.

When testing Ory APIs with any API testing tool like Insomnia, you'll need to handle either Ory Session Cookies (for browser-based flows) or Ory Session Tokens (for native apps):

## Using Session Tokens

For API testing, you'll likely want to use the Session Token approach:

1. First authenticate through the appropriate login endpoint
2. Extract the session token from the response
3. Include the token in subsequent requests using the Authorization header:

```
Authorization: Bearer <your-session-token>
```

As shown in the documentation, you can verify a session with:

```
curl -H "Authorization: Bearer {your-session-token}" \
  "https://$PROJECT_SLUG.projects.oryapis.com/sessions/whoami"
```

## Using Session Cookies

Alternatively, if you want to test browser-based flows, you'll need to:

1. Enable cookie storage in Insomnia
2. Make sure to set the `withCredentials: true` option (or equivalent in Insomnia)
3. Include the cookie in requests:

```
curl -H "Cookie: ory_session_...=..." \
  "https://$PROJECT_SLUG.projects.oryapis.com/sessions/whoami"
```

## Session Verification

When testing your APIs, you can verify sessions by calling the `/sessions/whoami` endpoint, which will return session information if valid or a 401 error if not.

For more detailed information about Ory Sessions and authentication flows, you may want to check the [Session Management documentation](https://www.ory.sh/docs/kratos/session-management/overview) and [Check Session Status documentation](https://www.ory.sh/docs/identities/sign-in/check-session-token-cookie-api).
@chilly-king-10285 Provide an example of using the login endpoint to login without using the UI.
A message from kapa.ai
I can provide an example of using the Ory login endpoint programmatically without using the UI. This is typically used for API clients or native applications.

## API Login Flow Example

For API clients, you need to follow a two-step process:

### Step 1: Initialize the Login Flow

First, you need to get the login flow action URL:

```bash
actionUrl=$(
  curl -s -X GET -H "Accept: application/json" \
    "https://playground.projects.oryapis.com/self-service/login/api" \
    | jq -r '.ui.action'
)
```

### Step 2: Complete the Login Flow

Then, submit your credentials to the action URL:

```bash
curl -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" \
    -d '{"identifier": "user@example.com", "password": "your-password", "method": "password"}' \
    "$actionUrl" | jq
```

The response will include a session token and session information:

```json
{
  "session_token": "oFZzgLpsacUpUy2cvQPtrGa2046WcXCR",
  "session": {
    "id": "8f660ce3-69ec-4aeb-9fda-f9230dc3243f",
    "active": true,
    "expires_at": "2020-08-25T13:42:15.7411522Z",
    "authenticated_at": "2020-08-24T13:42:15.7411522Z",
    "issued_at": "2020-08-24T13:42:15.7412042Z",
    "identity": {
      "id": "bf32596a-f853-47c4-91e6-a3f41cf4949d",
      "schema_id": "default",
      "schema_url": "https://playground.projects.oryapis.com/schemas/default",
      "traits": {
        "email": "user@example.com",
        "name": {
          "last": "User",
          "first": "API"
        }
      }
      // Additional identity information...
    }
  }
}
```

### Step 3: Using the Session Token

You can now use the session token for authenticated requests:

```bash
curl -s -H "Authorization: Bearer svX8bE9HTiVpMr7r55TtKtcOkLRhAq1a" \
  https://playground.projects.oryapis.com/sessions/whoami | jq
```

This will return the session information if the token is valid.

[Ory Kratos Self-Service Login Flow for API Clients](https://www.ory.sh/docs/kratos/self-service/flows/user-login#api-clients)

Remember that this approach is specifically for API clients and native applications, not for browser-based applications which should use the browser flow with cookies instead.
How would this be possible using SSO, like Google.
@chilly-king-10285 How would this flow be possible using SSO, like Google
A message from kapa.ai
I can explain how to implement a programmatic login flow using Google SSO (Social Sign-In) with Ory without using the UI.

## Social Sign-In Flow with Google

When using social sign-in providers like Google with Ory, there are two main approaches depending on your application type:

### 1. For API/Backend Applications

For API clients, the OAuth2/OIDC flow requires browser interaction for the Google authentication part, but you can handle it programmatically:

```bash
# Step 1: Initialize the login flow
flowId=$(
  curl -s -X GET -H "Accept: application/json" \
    "https://your-project.projects.oryapis.com/self-service/login/api" \
    | jq -r '.id'
)

# Step 2: Submit the provider choice
curl -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" \
    -d '{"provider": "google", "method": "oidc"}' \
    "https://your-project.projects.oryapis.com/self-service/login?flow=$flowId"
```

This will return a redirect URL that the user needs to visit to authenticate with Google. After successful authentication, Google redirects back to your application with an authorization code.

[OAuth2 and OpenID Connect](https://www.ory.sh/docs/guides/oauth2-oidc)

### 2. For Native Mobile Applications

For native apps, you can use the Google SDK approach which provides a better user experience:

1. Configure a Google social sign-in provider in Ory using the same `client_id` as in your app
2. Obtain an `id_token` directly from Google using their SDK
3. Submit this token to Ory:

```bash
curl -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" \
    -d '{
      "method": "oidc",
      "provider": "google",
      "id_token": "YOUR_GOOGLE_ID_TOKEN"
    }' \
    "https://your-project.projects.oryapis.com/self-service/login?flow=$flowId"
```

This approach doesn't require browser redirection and provides a more integrated experience.

[Using the Google SDK on native apps](https://www.ory.sh/docs/kratos/social-signin/google#using-the-google-sdk-on-native-apps)

### Example Flutter Implementation

Here's a Flutter code example for implementing Google Sign-In with Ory:

```dart
import 'package:flutter/material.dart';
import 'package:google_sign_in/google_sign_in.dart';
import 'package:one_of/one_of.dart';
import 'package:ory_client/ory_client.dart';

class SignInWithGoogleButton extends StatelessWidget {
  final String flowId;
  final OryClient ory;

  final GoogleSignIn _googleSignIn = GoogleSignIn(
    scopes: [
      'email',
      // Add additional scopes, if you require that data in your Jsonnet mapping
    ],
  );

  SignInWithGoogleButton({super.key, required this.flowId, required this.ory});

  void handleGoogleSignIn(GoogleSignInAccount? value) {
    value?.authentication.then((value) {
      var idToken = value.idToken;
      if (idToken == null) {
        // If we end up here, but there is no ID token, something went wrong
        print("No idToken found");
        return;
      }

      // Create the payload for the updateRegistrationFlow endpoint with the idToken from Google
      var body = UpdateRegistrationFlowWithOidcMethod(
        (b) => b
          ..idToken = idToken
          ..method = 'oidc'
          ..provider = 'google',
      );

      // Submit the updateRegistrationFlow endpoint with the payload
      ory.getFrontendApi().updateRegistrationFlow(
            flow: flowId,
            updateRegistrationFlowBody: UpdateRegistrationFlowBody(
                (b) => b..oneOf = OneOf.fromValue1(value: body)),
          );
    });
  }

  @override
  Widget build(BuildContext context) {
    return TextButton(
      child: const Text("Sign in with Google"),
      onPressed: () => {_googleSignIn.signIn().then(handleGoogleSignIn)},
    );
  }
}
```

For login flows, you would use `updateLoginFlow` instead of `updateRegistrationFlow` with similar parameters.

[Using the Google SDK on native apps](https://www.ory.sh/docs/kratos/social-signin/google#using-the-google-sdk-on-native-apps)

Remember that you need to configure the Google social sign-in provider in your Ory project first before these flows will work.