# talk-oathkeeper
p
Hi everyone, we are using oathkeeper and kratos. I am wondering whether there is a way we can have an anonymous session using kratos? We want to serve different content at the same endpoint based on whether the user is logged in or not. The `cookie_session` authenticator allows us to verify a logged in user but how do we serve content to a non logged in user?
m
So you have two kinds of content:
• content for registered
• content for not-registered
Could you serve the non-registered content as default and when they have a session as indicated by cookie_session you replace it with the registered content?
p
I see. How do we specify oathkeeper rules to let the request go through? Right now, when I specify `cookie_session` as authenticator, it would return an error.
m
You could also create a temporary profile, for example in the user's cookie. And when they register you pre-populate the form with the data you already have. But that is probably a different use case 🤔
p
Creating a temporary user for each anonymous session doesn't seem worth it to me. I was hoping that there should be a better way.
m
Definitely! That is only if you want to prepopulate the signup form. Could you share your oathkeeper config maybe? I have this in mine for cookie_session:
authenticators:
    cookie_session:
        enabled: true
        config:
            check_session_url: http://kratos:4433/sessions/whoami
            preserve_path: true
            extra_from: "@this"
            subject_from: "identity.id"
            only:
              - ory_kratos_session
p
This is what I am using for now
m
Best would be if you could share a reproducible repo of course, it can also be private.
p
I am just using the quick start guide and modifying it to support this use case.
I am thinking that with this rule, if the `ory_kratos_session` cookie is not set, the oathkeeper will try the next rule. In that rule, I could set a header and use that in my backend to identify anonymous users.
Does that sound like an idea that'd work?
m
Yeah, that sounds like a great idea! Let me know how it goes 🙏
p
Thank you so much for the quick reply
t
This seems to be a common request(ish) to essentially “force login” anonymous users. I’d like this sort of functionality as well