Hi all, I wonder what is the best way do do `remot...
# ory-network
g
Hi all, I wonder what is the best way do do
remote_json
authorization when using Ory network. Eventually a call needs to be made towards `https://<PROJECT>.projects.oryapis.com/relation-tuples/check' which needs to be authenticated with a PAT token in the Authorization header. I find two concerns with this approach: • cannot specify the authorization header in the
remote_json
configuration in Oathkeeper config. Am I missing something? • this requires an additional HTTP call to the Ory endpoint for every incoming request (besides the
oauth2_introspection
which we need to make in order to determine the calling identity). This means that additional 2 requests are required for each call. How can this work in a performant way for large scale APIs? Thanks !
s
yes looks like the
remote_json
lacks some header config: https://github.com/ory/oathkeeper/issues/969 would be an easy fix though
We also thought about providing basically the decision API through Ory Network to reduce the number of requests to one. Would that solve your problem, and be acceptable? Currently Oathkeeper will have to do two calls, yes.
g
Yes, definitely, decision API in the Ory network would be way better. How are other doing this, we can't be the only ones 🙂