Is there any example yet on how to validate a user that is authenticating through the session_token provided by the Kratos API login flow?
As far as I can tell, just like the cookie_session authenticator, the Authorization: Bearer <session_token> should be forwarded to Kratos’s /sessions/whoami endpoint. According to the docs there is no authenticator available yet to handle a bearer token by simply checking with an endpoint?
Could oauth2_introspection perhaps be used to accomplish this? It’s not an OAuth2 flow, but as long as there is no issue with checking scopes this might work? The subject_from configuration options are missing though.