Ory Identities (Kratos) provides several ways to convert session cookies to JSON Web Tokens (JWTs). Here are the main approaches: ## Session to JWT Conversion ### 1. Using the Session to JWT Feature The recommended approach is to use Ory's built-in "Session to JWT" feature. This allows you to convert an Ory Session into a JWT by: 1. Defining JWT templates in your configuration 2. Using the

tokenize_as

parameter when calling the

/sessions/whoami

endpoint

curl -X GET \   -H "Cookie: ory_session...=..." \   "https://$<http://PROJECT_SLUG.projects.oryapis.com/sessions/whoami?tokenize_as=jwt_example_template1|PROJECT_SLUG.projects.oryapis.com/sessions/whoami?tokenize_as=jwt_example_template1>"    {   // ...   "tokenized": "{the-jwt}" }

You can also use the Ory SDK:

javascript import { Configuration, FrontendApi } from "@ory/client"  const frontend = new FrontendApi(   new Configuration({     basePath: `https://${process.env.ORY_PROJECT_SLUG}.<http://projects.oryapis.com|projects.oryapis.com>`,   }), )  export async function toSessionWithJwt(sessionId: string) {   const session = await frontend.toSession({     tokenize_as: "jwt_example_template1",   })   const jwt = session.tokenized   return jwt }

[Session to JWT documentation](https://www.ory.sh/docs/identities/session-to-jwt-cors) ### 2. Using Ory Proxy Ory Proxy can automatically translate Ory Session Cookies to JWTs. When a user makes a request with a valid Ory Session Cookie, Ory Proxy: 1. Resolves the session 2. Converts it to a JWT 3. Includes the JWT in the

Authorization

HTTP header of the request to your application The JWT contains all session and identity information from the original session cookie. [Ory Proxy with JWT documentation](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel#use-ory-proxy-with-json-web-tokens) ### 3. Using Ory Oathkeeper For more advanced setups, you can use Ory Oathkeeper as an API Gateway to convert sessions to JWTs. This is mentioned as an alternative approach in the documentation. [Session Management Overview](https://www.ory.sh/docs/kratos/session-management/overview#use-ory-oathkeeper-to-convert-sessions-to-jwts) ## Why Use JWTs? While Ory sessions are not issued as JWTs by default (due to challenges with session revocation and updates), converting to JWTs can be useful for: - Making cross-origin (CORS) requests where including cookies is difficult - Representing a signed-in user with a JWT - Integrating with third-party services - Reducing API calls to Ory's endpoints Remember that Ory Network employs session caching to reduce latency for session verification, so performance concerns with direct session validation are often already addressed.