<@U04UQ68083H> in a remote_json authorizer, how do...
# ory-copilot
@chilly-king-10285 in a remote_json authorizer, how do I configure it so that the object is the first subpath under the URL? For example, if the URL is www.my-domain.com/my-app, then the object should be my-app.
A message from kapa.ai
In a `remote_json` authorizer, you can configure the payload to capture the first subpath under the URL using the `MatchContext.RegexpCaptureGroups` field. This field captures the subpaths in the URL based on the regular expression defined in the match URL of the access rule. Here is an example of how you can configure it:

```yaml
authorizers:
  remote_json:
    enabled: true
    config:
      remote: http://my-remote-authorizer/authorize
      headers:
        Y-Api-Key: '{{ .MatchContext.Header.Get "X-Api-Key" }}'
      payload: |
        {
          "subject": "{{ print .Subject }}",
          "resource": "{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"
        }
```

In this example, `"{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"` will capture the first subpath under the URL. If the URL is `http://www.my-domain.com/my-app`, then the `resource` will be `my-app`. Please note that the regular expression in the match URL of the access rule should be defined in such a way that it captures the required subpaths in the URL. For more details, you can refer to the [Ory documentation](https://www.ory.sh/docs/oathkeeper/pipeline/authz#remote_json-example).
@chilly-king-10285 you said this: This field captures the subpaths in the URL based on the regular expression defined in the match URL of the access rule. How do I define the regexp in that match URL?
A message from kapa.ai
To define a regular expression in the match URL of an access rule, you need to encapsulate the regular expression within `<` and `>` brackets. Here is an example of how you can define it:

```yaml
match:
  url: http://mydomain.com/<.*>
  methods:
    - GET
```

In this example, the regular expression `.*` is used to match any subpath under `http://mydomain.com/`. The `.*` means any character (.) repeated zero or more times (*). If you want to capture the first subpath, you can use a regular expression like this:

```yaml
match:
  url: http://mydomain.com/<[^/]*>
  methods:
    - GET
```

In this example, the regular expression `[^/]*` is used to match any character except for a slash (/), repeated zero or more times. This will effectively capture the first subpath under `http://mydomain.com/`. For more details, you can refer to the [Ory documentation](https://www.ory.sh/docs/oathkeeper/api-access-rules#match-strategy-behavior).
@chilly-king-10285 Should I change the regexp to match only a specific subpath, so that the rule will only match that subpath while still being able to use the subpath captured from the regexp?
A message from kapa.ai
Yes, you can change the regular expression to match only a specific subpath. This way, the rule will only match that specific subpath, and you will still be able to use the subpath captured from the regular expression. For example, if you want to match only the subpath `my-app`, you can use a regular expression like this:

```yaml
match:
  url: http://mydomain.com/<my-app>
  methods:
    - GET
```

In this example, the regular expression `my-app` is used to match the specific subpath `my-app` under `http://mydomain.com/`. This rule will only match the URL `http://mydomain.com/my-app`, and the `MatchContext.RegexpCaptureGroups` field will capture `my-app`. For more details, you can refer to the [Ory documentation](https://www.ory.sh/docs/oathkeeper/api-access-rules#match-strategy-behavior).
@chilly-king-10285 I have Oathkeeper proxying to a Next.js application running in an EKS cluster. If I hit the application directly by port-forwarding its service, it works fine. But through the proxy I am only getting part of the page. For example, I do not see a "next-route-announcer" in the HTML that I do see when hitting the service directly.
A message from kapa.ai
Hmm, I don't know enough to give you a confident answer yet. The issue you're experiencing could be due to a variety of factors, such as misconfiguration of Ory Oathkeeper, network issues in your EKS cluster, or issues with the Next.js application itself. However, based on the information provided in the knowledge sources, Ory Oathkeeper can be used as a reverse proxy to authorize and route traffic to applications like your Next.js app. It's important to ensure that Ory Oathkeeper is correctly configured to proxy requests to your Next.js application. For example, in the [Zero Trust with Access Proxy guide](https://www.ory.sh/docs/kratos/guides/zero-trust-iap-proxy-identity-access-proxy), it's mentioned that Ory Oathkeeper is used to proxy requests to Ory Kratos' Public API so that all requests come from the same hostname. This is done to avoid common cross-domain issues with cookies. If you're only getting part of the page through the proxy, it might be worth checking your Ory Oathkeeper configuration, your EKS network settings, and your Next.js application to ensure everything is set up correctly. For more detailed troubleshooting, you might find the [Ory Oathkeeper documentation](https://www.ory.sh/oathkeeper/docs/) helpful.