rhythmic-toddler-31735
05/02/2022, 6:33 PMdamp-sunset-69236
05/03/2022, 7:52 AM/sessions/whoami
endpoint would be enough to solve your issue and it looks like
1. Get session by calling /sessions/whoami
2. Ensure we have valid session
3. Get session.identity.id
and use it as identifier of the user
4. Store it in the database
Let’s talk about Keto. Keto is access control engine and you need to keep in mind that requests to keto should be authenticated and authorized because it doesn’t have any mechanisms to check that.
Honestly, for your case, using keto looks like a little bit of overcomplicating things, because you can get comments by running query with user_id, like
select * from comments where author_id=$identity_id_from_kratos
On the other hand, Keto is useful to provide access control features. Let’s say that you have moderators
group and they can edit/approve comments. It means that you need to implement access control features and it sounds like a job for Keto. You can add edit
permissions to some users.steep-lamp-91158
rhythmic-toddler-31735
05/03/2022, 8:42 AMsteep-lamp-91158
rhythmic-toddler-31735
05/03/2022, 9:41 AMmagnificent-actor-67130
05/07/2022, 3:15 AMfast-guitar-70261
05/17/2022, 7:08 PM