HI I want to implement authenticated API calls through the o Ory Community #talk-oathkeeper

HI, I want to implement authenticated API calls th...

acoustic-father-92306

05/22/2023, 10:58 AM

HI, I want to implement authenticated API calls through the oauthkeeper. And with my current setup I get "Bad gateway" response. I'm using the quickstart Docker setup. The authentication is done by Kratos.

acoustic-father-92306

05/22/2023, 11:01 AM

oauthkeeper.yml

is :

Copy code

log:
  level: debug
  format: json
  leak_sensitive_values: true

serve:
  proxy:
    cors:
      enabled: true
      allowed_origins:
        - "*"
        - "<http://localhost:3000/*>"
        - "<http://localhost:3001/*>"
      allowed_methods:
        - POST
        - GET
        - PUT
        - PATCH
        - DELETE
      allowed_headers:
        - Authorization
        - Content-Type
      exposed_headers:
        - Content-Type
      allow_credentials: true
      debug: true

errors:
  fallback:
    - json

  handlers:
    redirect:
      enabled: true
      config:
        to: <http://localhost:3000>
        when:
          -
            error:
              - unauthorized
              - forbidden
            request:
              header:
                accept:
                  - text/html
                  - application/json
    json:
      enabled: true
      config:
        verbose: true

access_rules:
  matching_strategy: glob
  repositories:
    - file:///etc/config/oathkeeper/access-rules.yml

authenticators:
  anonymous:
    enabled: true
    config:
      subject: guest

  cookie_session:
    enabled: true
    config:
      check_session_url: <http://kratos:4433/sessions/whoami>
      preserve_path: true
      extra_from: "@this"
      subject_from: "identity.id"
      only:
        - ory_kratos_session

  noop:
    enabled: true

authorizers:
  allow:
    enabled: true

mutators:
  noop:
    enabled: true

  id_token:
    enabled: true
    config:
      issuer_url: <http://localhost:4455/>
      jwks_url: file:///etc/config/oathkeeper/id_token.jwks.json
      claims: |
        {
          "session": {{ .Extra | toJson }}
        }

acoustic-father-92306

05/22/2023, 11:02 AM

access-rules.yml

is:

Copy code

-
  id: "ory:kratos:public"
  upstream:
    preserve_host: true
    url: "<http://kratos:4433>"
    strip_path: /.ory/kratos/public
  match:
    url: "<http://localhost:4455/.ory/kratos/public/><**>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    -
      handler: noop
  authorizer:
    handler: allow
  mutators:
    - handler: noop

-
  id: "ory:kratos-selfservice-ui-node:protected"
  upstream:
    preserve_host: true
    url: "<http://localhost:3001/>"
  match:
    url: "<http://localhost:4455/test/><**>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    -
      handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: id_token
  errors:
    - handler: redirect
      config:
        to: <http://localhost:3000>

acoustic-father-92306

05/22/2023, 11:04 AM

The response is

502 Bad Gateway

and the request does not arrive to the test API. Can you help me?

icy-manchester-83109

05/23/2023, 6:23 PM

I assume, your setup runs in docker. With that assumption, how do you expect the connections to an upstream available at localhost to work? This will be the reason for the 502 code if my assumption is correct

3 Views

Open in Slack

Previous Next