Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hey everyone, I have some questions regarding this documentation <https://www.ory.sh/docs/kratos/guides/zero-trust-iap-proxy-identity-access-proxy>.   v0.8.0-alpha.3 versions throw a 404 response when I call <http://127.0.0.1:4455/welcome>  so I use the v0.10.1  version instead. I follow all the instructions from my local machine and the documentation said i will find `Authorization: bearer &lt;jwt...&gt;`  instead of `Cookie: ory_kratos_session=...`  in the HTTP header, But i can't find the token when i do inspect the element. Where did I suppose to check or find the jwt token?

I think if you use browser based flows, you get the session. Not the jwt token.

If you initiate the „flowWithoutBrowser“ method (from the sdk), you get a token

What if I want to use the jwt token in browser-based flow using ory Oathkeeper? any idea

We use both. So jwt for cli and session cookie for  web. You can have multiple.

Is it also work with ory kratos hosted in our virtual machine? Because we do not use ory cloud and cli?