Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi, I am trying to connect Oathkeeper to Ory Keto cloud but get a 401 error because Keto requires an Authorization header containing a PAT.  Is there away to set the PAT using Oathkeeper config?

You mean, hard-code it?

A bit of guessing, but I guess your chain is:

```oathkeeper -&gt; keto/admin```
You could probably add rule to oathkeeper to listen to `/secret-admin` and then supply a header in the call with the PAT and oathkeeper would forward it on to the backend?

as in, `curl -H 'X-MyHeader: $pat' <http://oathkeeper/secret-admin>`

If you don't want validation for that URL/path (and the PAT) you can `noop` on it, and then it should forward it all to your backend. or rewrite it a bit maybe.

You could also use `remote_json` or something and do something based on the request, as in (as an example), `if subject == "127.0.0.1" {`  add the PAT, and then the PAT is _hard coded_ in your backend service etc.