Hi, I’m having trouble combining anonymous AND authenticated access in combination with the

id_token

mutator. I’ve followed up on this thread https://ory-community.slack.com/archives/C01340V8KSM/p1641475222006200, posting it here too to increase visibility in hope for some help 🙂

ping @damp-sunset-69236

Hello. @gentle-bird-90474 Could you please describe a little bit more about your usecase? Do I understand correctly that you need to create JWT token for all users? Do you need to do any additional steps here?

@damp-sunset-69236 This is my usage scenario that I’m setting up at the moment: web & mobile application, both using graphql, going against oathkeeper/kratos (cloud), in which oathkeeper generates JWT tokens that are then processed by backend services. I’ll be using

cookie_session

(for Browser clients) and

bearer_token

(for Mobile apps) and

anonymous

(both clients, unauthenticated) for Oathkeeper

authenticators

. I’d like to have NO JWT token generated in the anonymous case.

Okay. I’ll try to create an example configuration for you. I can do it tomorrow. is that okay for you? 🙂

Sure, thanks a million 🙂

@gentle-bird-90474 Hey. I’m starting to create an example of configuration for you. What’s your current configuration of

access-rules.yml

? Consider removing sensitive data 🙂

- id: myrule
  version: v0.38.25-beta.1
  upstream:
    url: <http://host.docker.internal:8000/>
  match:
    url: http://<127.0.0.1|localhost>:4455/<.*>
    methods:
      - GET
      - HEAD
      - POST
      - PUT
      - DELETE
      - OPTIONS
      - CONNECT
      - TRACE
      - PATCH
  authenticators:
    - handler: cookie_session
    - handler: bearer_token
    - handler: anonymous
  authorizer:
    handler: allow
  mutators:
    - handler: id_token
    - handler: header

This is taken from my local docker-compose setup, haven’t done the deployment configuration yet but that should be similar.