Hi! I testing the Ory network, and I need to create a custom authorizer in AWS Lambda to validate the session. As I have understood from docs, the "correct" way is to use oathkeeper but isn't available on the cloud version. So, the way to validate the session in my SPA is something like that?

const basePath = process.env.REACT_APP_ORY_URL || "<http://localhost:4000>"
const ory = new V0alpha2Api(
    new Configuration({
        basePath,
        baseOptions: {
            withCredentials: true,
        },
    }),
);

const session = await ory.toSession('mycookievalue');

Hi @clean-australia-2084 You don't need oathkeeper to validate the session. You can write a middleware on the server side which can validate it for you. yes inside the SPA you can call the

toSession

but you do not need to provide any string since the cookie is added automatically by the browser since you have

withCredentials: true

added

On the server side, can I use the same V0alpha2Api class to validate the session? if any is there a doc link with some examples it will be helpful

Yes you can. You just need to pass it the cookie manually. We have some guides on this here https://www.ory.sh/docs/getting-started/integrate-auth/expressjs

nice! thank you I came from 2 years using Cognito and you guys are doing a great job, really enjoying first steps