https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H> The Ory API documentation says this...
# ory-copilot
b
@chilly-king-10285 The Ory API documentation says this:
Copy code
Documentation for all public and administrative Ory APIs. Administrative APIs can only be accessed with a valid Personal Access Token. Public APIs are mostly used in browsers.
How do you authenticate to the non-adminstrative APIs?
c
A message from kapa.ai
Based on the information provided from the Ory API documentation extracts, it appears that several operations within the Ory APIs, specifically those categorized under "frontend" methods, do not require authentication. These operations include: - Creating a native login flow - Creating a native verification flow - Creating a native recovery flow - Creating a browser verification flow - Creating a browser login flow This indicates that for these specific frontend operations, you can interact with the Ory APIs without needing to authenticate. This aligns with the documentation's distinction between public and administrative APIs, where public APIs, which are mostly used in browsers, do not always require authentication. However, for administrative actions, such as creating a project API key, authentication is required using an 
oryAccessToken
. This suggests that while some actions can be performed without authentication, more sensitive or administrative tasks require proper authentication tokens. For more detailed information on the Ory API and its authentication requirements, you can refer to the official documentation: [Ory API Reference](https://www.ory.sh/docs/reference/api).
b
@chilly-king-10285 can you template the query params in a remote authorizer? For example:
Copy code
remote:
        enabled: true
        config:
          remote: "<https://our.website.com/relation-tuples/namespace=Application&object=helloworld&subject_id={{> print .Subject }}&relation=use"
c
A message from kapa.ai
Based on the extracts provided from the Ory documentation, there is no direct mention or example of templating query parameters specifically for a remote authorizer's URL in the context you've described. The documentation does detail how to configure remote and 
remote_json
authorizers, including setting the 
remote
URL and other configurations such as headers and payload, which can be templated using Go's 
text/template
syntax. For instance, in the configuration examples for both 
remote
and 
remote_json
authorizers, templating is used within the 
headers
and 
payload
fields respectively: - For the 
remote
authorizer:
Copy code
yaml   headers:     X-Subject: "{{ print .Subject }}"
- For the 
remote_json
authorizer:
Copy code
yaml   payload: |     {       "subject": "{{ print .Subject }}",       "resource": "{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"     }
These examples demonstrate the use of templating within specific configuration fields, but do not explicitly cover the use of templating within the query parameters of the 
remote
URL itself. Given the absence of direct information on templating query parameters for the remote authorizer's URL in the provided extracts, it's advisable to consult the official Ory Oathkeeper documentation or the Ory community for more specific guidance or updates on this capability. For more detailed and up-to-date information, please refer to the [Ory Oathkeeper documentation](https://www.ory.sh/docs/oathkeeper/pipeline/authz).
2 Views
Open in Slack
PreviousNext
Powered by