Hello dear Ory folks ! I’m trying to make oathkeeper work with Open Policy Agent for the authorization step. I see oathkeeper does its decision based on the HTTP Status code (200 OR 403) to know if a request is legit or not. On the other hand, Open Policy Agent always returns 200 and the actual result of the decision is in the JSON payload e.g.

{"allow": false}

. So I’m trying to find a way to make both understand each other and I would prefer not to have to create a new proxy service for 3 lines of code to translate the

"allow": false

to a 403. Has anyone had a similar issue or situation and if so, how did you solve it ? 🙂 Thanks a lot for your feedback / pointers ❤️

I'm also interested in figuring out how to do this.

I see there was an issue on the repo that was closed about this. We’ll probably suggest a feature branch to support OPA in the upcoming months.

Perhaps it could become a new option on

remote_json

authorizer? For instance being able to specify whether the status code or a JSON path in the response body should be the source for allow/deny decision.

Hi @steep-pencil-94861, Hi @gray-machine-46287 welcome to the Ory community! Please be mindful of the level of detail you disclose on Backmarkets infrastructure. After all, this is a public forum anyone can join. If you are planning to use Ory in a production environment, please reach out to me. We have private slack channels available and can connect you to Ory developers directly and discreetly. We will be able to discuss feature requests as well.

Hi @rich-thailand-93889 Thanks for the head’s up but I think we’re ok with the level of information we’ve given here just to understand the issue at hand and nothing essential 😉 We’re more than happy to contribute some code to the oathkeeper repo to benefit the OSS community and we’d be glad to talk and discuss things here about that.

@steep-pencil-94861 The Ory community thrives on dialog and contributions of talented individuals, volunteers, students and open source creators. Thank you personally, for being part it. We are happy to have Backmarket on board and that Ory software is part of your successful business. Many companies appreciate our support agreements to enable employees to obtain effective help for a critical part of their infrastructure. Additionally it helps Ory actively maintain and improve the project. I will send a proposal for Backmarket your way and you can consider it.

Great! But in the meantime, do you have insights about the initial question? 😇

@gray-machine-46287 The dev team is aware of your questions. Our free Community support is on a best effort basis. We will get to it as soon as possible. Thank you for your patience 🙏