Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hey there! I've the following question regarding oathkeeper-keto implementation. Let's consider the following use case:

A user wants to edit/create a relationship in ory keto. In order to do so, the request goes through the oathkeeper, right? The othkeeper rule ory:keto:write would first check against keto if the user is allowed to send requests to keto-write/admin/relation-tuples. If it it's allowed, the request should then proceed to keto-write. However, this endpoint needs to receive some data. And this is the data that we need to be forwarded as welll but isn't forwarderd. So, from what I see oathkeeper wouldn't be a solution to protect keto write endpoint

Is there a way to make oathkeeper to forward the payload as well?

Has anyone faced a similar issue? We've been trying to sort this out for a while without much success :sadkek: