Hey, in the cloud plan, do you have access to the secret that is being used? I currently am trying to see if I can make our APIs accept both tokens (legacy and ory cloud) but the way we handle authentication is through an JWT token. I wasn't able to find any docs on this
h
high-optician-2097
05/04/2022, 3:45 PM
You mean the Ory Kratos secrets?
high-optician-2097
05/04/2022, 3:46 PM
We currently do not expose them but more out of a security sense. It is theoretically possible though. Iām not 100% sure if I understand the JWT part, maybe you could help me with a bit more context?
r
rhythmic-animal-78297
05/04/2022, 9:18 PM
Yes ofcourse š we use an API service which is completely separate from the web app to authenticate any user/app behaviour. Currently we have a fairly simple process where we check the JWT given through the authorization token which is shared by our auth service to make sure we can validate the auth token.
h
high-optician-2097
05/05/2022, 8:16 AM
Cool, thank you š What secret are you looking for then exactly?
r
rhythmic-animal-78297
05/05/2022, 3:36 PM
I'm looking for a secret to verify the token that is being sent to identify the user. I'm pretty new to ory, so I haven't gotten to how it works. Sorry if this doesn't make much sense š
h
high-optician-2097
05/05/2022, 3:46 PM
I see, there is no such secret right now š Except for when you use the ory proxy command. Are you using that?