# talk-oathkeeper
b
We are self-hosting Oathkeeper in our cluster and are using Ory Network for everything else. I am trying to point Oathkeeper at Ory Network for a remote_json authorizer to test whether the user has permission to use a specific service. But the users don't have permission to hit `/check/relation-tuples`, they get a 401. Is there a different endpoint I should be hitting for the authorizer or something different I should be doing?
This is the config for the authorizer
```yaml
authorizers:
  remote_json:
    enabled: true
    config:
      remote: "https://<our custom domain>/relation-tuples/check"
      payload: |
        {
          "subject_id": "{{ print .Subject }}",
          "namespace": "Application",
          "object": "helloworld",
          "relation": "use"
        }
```
I can hit `/relation-tuples/check` if I use an API key for authorization, but I can't if I use a token retrieved from calling `/self-service/login`
Hi, any guidance on this would be appreciated. Is it not possible to use Ory Network for authZ when self-hosting Oathkeeper?
I see based on this that it probably is not possible: https://github.com/ory/oathkeeper/issues/969
r
This feature is now on master!
b
Great, thanks. I ended up using an nginx proxy between Oathkeeper and Ory Network to add the Authorization header, but this would be cleaner
r
I'll tag a release tomorrow
v0.40.7 is released and ready for use
b
Excellent, thanks. I'll try to give it a try soon