https://www.ory.sh/ logo
#talk-kratos
Title
# talk-kratos
o

orange-boots-71535

03/23/2022, 7:55 PM
Hey 👋 everyone. We’re trying to build an SSO auth system right now and we’re looking at basing it all on Kratos. However, we have a GraphQL/Prisma backend, and we need some way to validate the session token from the API side (at least as I understand it). Is there any route we can call in the Kratos HTTP API to verify the token passed from the browser? I’m not fully understanding how this part is expected to work https://www.ory.sh/docs/kratos/reference/api#operation/toSession. Right now we run everything on JWT authorization tokens that we can verify server-side, so I’m not sure how the communication between our server/API and the Kratos service/API is supposed to happen. We would appreciate any help we can get! CC’ing @User
@User or @User if there’s any way to pay for consulting on this we’d probably be interested
d

damp-sunset-69236

03/24/2022, 7:53 AM
Hello. Kratos sets
ory_kratos_cookie
which is
httpOnly
for all browser sessions and you can use
toSession
SDK method to validate session As another solution you can call
/sessions/whoami
endpoint which is the same.
3 Views