I currently have Ory Kratos implemented in a Next.js app and a backend that is hosted elsewhere on a different domain. After registration I create a user in my backend’s database with the id provided by Kratos so that I can get user from the request’s context and use that for protecting my API.

export const getUserFromContext = async ({ prisma, req }: Pick<Context, "prisma" | "req">) => {
  try {
    const { data: session } = await oryApiClient.toSession(undefined, req.headers.cookie);

    if (!session) {
      return null;
    }

    const user = await prisma.user.findUnique({ where: { id: session.identity.id }, include: { roles: true } });

    return user;
  } catch (error) {
    return null;
  }
};

Works completely fine locally, but since my backend is hosted on a different domain than my Next.js app I guess the cookies are undefined (correct me if I’m wrong) and it fails. Is there no way around this other than having the backend on the same domain or am I being stupid? 😄

I believe it's currently impossible to use different top level domains

Hello. You can make it work by using one domain. Like

<http://frontend.example.com|frontend.example.com>
<http://kratos.example.com|kratos.example.com>
<http://backend.example.com|backend.example.com>

In that case you can have everything work fine. You can check • Configuring Cookies • Advanced Base URL, CSRF & Session Cookie Settings You can add CNAME records for the backend hosted elsewhere to make it work. As another option you can setup your ingress to proxy traffic from another domain. The example of different domains is below

<http://frontend.example.com|frontend.example.com>
<http://backend.different-domain.com|backend.different-domain.com>

Is there not a way to use the

Authorization

header instead of relying on the backend being on the same domain 🤔