gifted-teacher-2132
07/10/2023, 8:51 AMremote_json
authorization when using Ory network. Eventually a call needs to be made towards `https://<PROJECT>.projects.oryapis.com/relation-tuples/check' which needs to be authenticated with a PAT token in the Authorization header. I find two concerns with this approach:
• cannot specify the authorization header in the remote_json
configuration in Oathkeeper config. Am I missing something?
• this requires an additional HTTP call to the Ory endpoint for every incoming request (besides the oauth2_introspection
which we need to make in order to determine the calling identity). This means that additional 2 requests are required for each call. How can this work in a performant way for large scale APIs?
Thanks !steep-lamp-91158
remote_json
lacks some header config: https://github.com/ory/oathkeeper/issues/969
would be an easy fix thoughsteep-lamp-91158
gifted-teacher-2132
07/10/2023, 9:32 AM