We are trying to configure oathkeeper in a way, so...
# talk-oathkeepera
ancient-judge-84558
06/07/2023, 7:42 PMWe are trying to configure oathkeeper in a way, so that it is sending a proper JWT to our backend system as a Bearer token. From what I understand, we need to use an id_token mutator? But what is the correct way to configure it, so that the token can be properly validated by the backend system agains Ory? I understand that oathkeeper is creating and encrypting the JWT itself? Does oathkeeper then need the same private key in it’s JSKs, that Ory is using? And how do I set that up? Or am I completely misunderstanding how it works? Is there a documentation for this scenario that I didn’t find?
i
icy-manchester-83109
06/08/2023, 6:44 PMIt depends on what you mean by proper JWT. If you mean, oauthkeeper should create a JWT out of the subject information of the request it has authenticated so far, then yes, you should use the
id_tokenicy-manchester-83109
06/08/2023, 6:49 PMBut what is the correct way to configure it, so that the token can be properly validated by the backend system agains Ory?As you can see from the docs referenced above, the
id_tokenjwks_urlicy-manchester-83109
06/08/2023, 6:49 PMI understand that oathkeeper is creating and encrypting the JWT itself?As I've written above - yes. But it only signs the JWT
icy-manchester-83109
06/08/2023, 6:50 PMDoes oathkeeper then need the same private key in it’s JSKs, that Ory is using?Actually it is up to you, which keys to use. And, actually, no, you should provide your own key material (at least this is the recommended approach).
icy-manchester-83109
06/08/2023, 6:51 PMAnd how do I set that up? Or am I completely misunderstanding how it works? Is there a documentation for this scenario that I didn’t find?I now assume, you can gather the missing information from the links provided above. IMO it describes everything in detail
16 Views