# talk-oathkeeper
Hi everyone, we are using oathkeeper and kratos. I am wondering whether there is a way we can have an anonymous session using kratos? We want to serve different content at the same endpoint based on whether the user is logged in or not. The authenticator allows us to verify a logged-in user, but how do we serve content to a non-logged-in user?
So you have two kinds of content:
• content for registered
• content for not-registered
Could you serve the non-registered content as default and when they have a session as indicated by cookie_session you replace it with the registered content?
I see. How do we specify oathkeeper rules to let the request go through? Right now, when I specify
as authenticator, it would return an error.
You could also create a temporary profile, for example in the user's cookie. And when they register you pre-populate the form with the data you already have. But that is probably a different use case 🤔
Creating a temporary user for each anonymous session doesn't seem worth it to me. I was hoping that there would be a better way.
Definitely! That is only if you want to prepopulate the signup form. Could you share your oathkeeper config maybe? I have this in mine for cookie_session:
    cookie_session:
        enabled: true
        config:
            check_session_url: http://kratos:4433/sessions/whoami
            preserve_path: true
            extra_from: "@this"
            subject_from: "identity.id"
            only:
              - ory_kratos_session
This is what I am using for now.
Best would be if you could share a reproducible repo of course, can also be private.
I am just using the quick start guide and modifying to support this use case.
👍 1
I am thinking that with this rule, if
cookie is not set, the oathkeeper will try the next rule. In that rule, I could set a header and use that in my backend to identify anonymous users
Does that sound like an idea that'd work?
Yea, that sounds like a great idea! Let me know how it goes 🙏
Thank you so much for a quick reply
This seems to be a common request(ish) to essentially “force login” anonymous users. I’d like this sort of functionality as well.