# talk-oathkeeper
Hi Ory Team, need some info please. We are evaluating OathKeeper. Does OathKeeper support dynamically configuring rules (programmatically creating/deleting them using its API) whenever we want via our custom microservice? We have a microservice that creates a JWT token & some payloads for letting external services send data to our backend data collection microservice. We want to use OathKeeper to verify the connection of the external service using the temporary JWT token & then route the call to the target end-point. After the data exchange task is done by the external service & our backend service, we want to remove the temporary JWT token & end-point URL from OathKeeper. Can this be achieved dynamically?
@magnificent-energy-493, could you please help with the above info?
@worried-kitchen-94392 @magnificent-energy-493 @red-sugar-49451 @modern-father-30447 @powerful-leather-36913 @famous-art-85498 @wonderful-lamp-2357 could someone please provide the info?
Hello there! Oathkeeper rules are static, meaning they are supplied as files to the application. However, Oathkeeper supports a file watcher, meaning it does not need to be restarted to pick up changes to the rules file. Doing what you are describing is possible, but with some extra grease and elbow work, as you would need to take care of refreshing the rules file yourself. A good example would be our k8s controller https://github.com/ory/oathkeeper-maester which does exactly that: it reacts to the creation of a rules CRD by refreshing the Oathkeeper rules, allowing for dynamic creation/deletion of rules.
Sorry it took so long to get an answer, the question just flew by on my feed 😞
Thank you for that info @worried-kitchen-94392. It helps.
Appreciate it.
Quick question: why would you like to remove the access rule after validating the JWT? I understand the mentioned JWT would be created at run time, during communication, but why do you need to create & delete the rule on each such call? But like Jakub said, in general rules are dynamic and Oathkeeper exposes an API to interact with it (CRUD).