Hi, I have a question about oathkeeper bearer_toke...
# talk-oathkeeper
c
Hi, I have a question about oathkeeper bearer_token token_from: query parameter auth-code. I'm trying to validate a URL query string containing the session token against the kratos /sessions/whoami route. Example: http://oathkeeper/private/api/route?auth-code=SESSSION_TOKEN TO http://kratos:4433/sessions/whoami?auth-code=SESSSION_TOKEN I think kratos doesn't accept the token in the URL form (only header X-Session-Token and Authorization: bearer) and oathkeeper doesn't convert the URL parameter to an "acceptable" kratos input. What would be the best way to achieve this? If it's currently not possible, and the community/dev thinks it's a good feature, I could add a simple extractor here in a PR. Thank you very much.
```yaml
bearer_token:
  enabled: true
  config:
    force_method: GET
    check_session_url: http://kratos:4433/sessions/whoami
    preserve_path: true
    preserve_query: true
    subject_from: "identity.id"
    extra_from: "@this"
    token_from:
      query_parameter: auth-code
```
s
I think you could use mutators: https://www.ory.sh/docs/oathkeeper/pipeline/mutator
A mutator transforms the credentials from incoming requests to credentials that your backend understands. For example, the Authorization: basic header might be transformed to X-User: <subject-id>
So in your access rule you should define the authenticator handler bearer_token, and add the mutator that modifies the credentials to a kratos-accepted format.
c
Thank you, I will take a deeper look into mutators.