# talk-oathkeeper
b
Hi everyone, I'm reaching out as a representative of Imhotep-SynApp, and we have recently encountered an issue with Oathkeeper, which we believe may be a bug. One of our engineers has already documented the problem on GitHub at the following link: GitHub Issue #1081.

The issue we've come across pertains to Oathkeeper's handling of sensitive values in logs. By default, Oathkeeper redacts sensitive information from the logs, such as the Authorization HTTP header and cookie values. However, when we define a custom bearer token in the bearer_token authenticator, the value of this token is not being redacted. We believe this is a bug, as we have explicitly identified the custom HTTP header in the bearer_token authenticator as containing sensitive data, and it should, therefore, be redacted.

We understand that your team may have limited resources and that addressing this issue may take some time. In such a case, we are more than willing to contribute to Oathkeeper as developers, starting with this particular bug. We believe in the spirit of open source and would like to collaborate to resolve this issue.

Thank you for your attention to this matter, and we look forward to your response. If you require any further information or assistance from our end, please don't hesitate to let us know.
r
Hi! I’ll take a look at this when I’m back from vacation. In general, PRs are always welcome. 👍
b
Thank you very much!