[claystraw]

Yes absolutely, you can use the Ory SDK's `toSession()` function to resolve a Session Cookie (for browsers) or Session Token (for non-browsers, e.g. native mobile apps) to its identity.

We have on the list to add a section about using Next's new middleware feature to protect API routes. Is that something you'd be interested in?

[chwzr]

yes having the identity on hand by just looking up req.identity would be super neat feature!

[claystraw]

Nice, we'll add a guide shortly. This is already possible but we just didn't have time yet to add it to the guide :) If you want, create an issue in the GH (https://github.com/ory/kratos-nextjs-react-example/issues/ne...) repo for this so you get notified once it's available, and so we don't forget!

[bsid]

checkout - https://clerk.dev/solutions/nextjs-authentication, the middleware works like you're talking about. It's lighter weight than ory, i think. I've struggled to figure out how all of ory's pieces fit together, however their upcoming cloud offering may resolve some of those challenges!

[boneabcd]

From reading the linked article it seems fairly easy to use. Do you have some concrete examples why your solution would be "lighter"? I'd actually say it's heavier since you have to pay and end up in a "custom pricing scheme" (whatever that means) for 10k+ users as it says on your website. And it's also only available as a cloud service, with all the vendor lock in shenanigans everyone hates.

By the way people usually disclaim upfront on HN (see FusionAuth folks here) when they are involved in a project. Seems like you are the "CTO at Clerk". Frankly it's dishonest to talk bad about open source without claims to back it up while also being in a competitive space and plugging your solution in their "Show HN" moment.

tl;dr no thanks I'll look somewhere else...

[bsid]

didn't mean to talk bad... nothing but respect for everyone involved in this project. my comment was very hasty -- and you're right I should have disclosed up front that I'm working on a product in a similar space.

Ory has been around for awhile, they're quite the gorilla in the identity space - It's a set of very large, and very impressive products that work well together. It is extremely powerful, flexible, and can handle almost any use case. I'd define "lighter" as being more opinionated in it's approach with fewer options - as a result it's less powerful and flexible. Also, w/ open source, comes setting up your own infra (even if that's now just throwing it in a cloud), which I'd consider "heavier". Imo, these terms don't mean something is worse than something else, just a fit for a different use case.