Hey there I d like to integrate oathkeeper with ory keto pro Ory Community #talk-oathkeeper

Hey there, I'd like to integrate oathkeeper with o...

delightful-gpu-48475

07/28/2023, 2:11 PM

Hey there, I'd like to integrate oathkeeper with ory keto provided by ory console (cloud).

Copy code

authorizer:
    handler: remote_json
    config:
      remote: <https://project-slug.projects.oryapis.com/relation-tuples/check>
      payload: |
        {
          "subject_id": "{{ print .Subject }}",
          "relation": "xxx",
          "namespace": "xxx",
          "object": "xxx"
        }

The given authorizer sends a request to ory cloud but obviously returns a 401 since the API_ACCESS_TOKEN needed is not provided.

{"audience":"application","authorization_handler":"remote_json","error":{"message":"expected status code 200 but got 401", ...}

I didn't find any configuration option to specify additional headers for the request to keto. Did I miss anything? Any help is greatly appreciated, thanks in advance!

full-diamond-56778

07/31/2023, 6:21 AM

I have also this same problem. I exposed the own API endpoint in my service to check permissions, identically like

Copy code

relation-tuples/check

shy-beach-55709

08/03/2023, 7:15 PM

do you haven an authententicator configured? We have been able to use oathkeeper with a jwt authenticator and keto as authorized without issues.

shy-beach-55709

08/03/2023, 7:16 PM

@delightful-gpu-48475 @full-diamond-56778

Copy code

remote_json:
        enabled: true
        config:
          remote: <http://my-ory-keto-read-endpoint/relation-tuples/check>
          payload: |
            {}

and the payload data is taken from the JWT and configured in the access rules (we found it easier in this way, since the payload sent varied depending on the path)

39 Views

Open in Slack

Previous Next