SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hey guys,
I want to use krakend.io API Gateway to enforce request level authorization. Krakend supports fetching the token from cookies with `cookie_key` parameter (https://www.krakend.io/docs/authorization/jwt-validation/), so I guess it must possible to make it work with Supertokens http-only cookies. Theoretically, I can pass `jwk_url` of Supertokens (https://supertokens.com/docs/passwordless/common-customizations/sessions/with-jwt/get-jwks-and-issuer) to Krakend and set `cookie_key` to `sAccessToken` to make it work.

But the jwks endpoint in Supertokens is not available unless I turn on jwt in session recipe, is that right? Because I cannot fetch the jwks endpoint with my current setup where I did not enable jwt in Supertokens.

The thing is I don't want to enable jwt feature, I just want my http-only cookies to get verified in a stateless manner on API Gateway side 🙂

hey! Thats not possible at the moment without enabling JWT feature.

We are working on changing sessions so that it would be possible.. but thats ~ 1 month away from release.

Thanks <@498057949541826571> ! I can wait 😄 Looking forward for that release:)