Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

I am hitting another problem using oathkeeper as a decition policy engine with nginx ingress. When oathkeeper doesn't match any rules, it will return with status code 404. However nginx-ingress does not accept the auth to return 404 and in turn returns 500 to the client. This is rather bad, since the error 500 is missleading and I don't want clients to show 500 if it should show 404. Does anyone know how I can get around this issue?