Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello, have a noob question: I have an SPA, which makes calls to my Golang API server, now i want to add authentication whith Kratos. my question is how to verify the session on the API server, do i, after login of course, send the session cookie to the api and check it in a middleware using the /sessions/whoami endpoint?

Yes. Here’s an example on Python to demonstrate it <https://github.com/gen1us2k/kratos_flask_example/blob/master/app/public/views.py#L18>

But I just proxying all cookies and it built as an example and I don’t recommend to do this on production-ready code :slightly_smiling_face: