Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi, I want to convert kratos session into jwt using oathkeeper

Here's what I think the flow will look like -

User send login req using frontend -&gt; oathkeeper gets the req -&gt; kratos validates the req -&gt; returns cookie -&gt; oathkeeper -&gt; mutates cookie using id_token -&gt; sends to frontend

Bt later, when frontend makes req to /sessions/whoami to find current user, user won't have the cookie, so how will kratos authenticate?