Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi <#C01340V8KSM|oathkeeper> Team
Any ways to allow extra data to reach the Authentication Server ??

I need a way to allow my internal services use the Same Endpoints of an existing Service
But override Authentication, Can happen only If I am bale to pass some data to the Authentication Server

Right now oathkeeper is stripping all other data and is only passing The Token and Scope params?

Hello. Can `introspection_request_headers` help you in that case?
```introspection_request_headers (object, optional) - Additional headers to add to the introspection request.```

Hello, Thanks for the solution

My requirement is to pass on the Header received from Source (So value of the Header can be dynamic),

I guess the `introspection_request_headers` can be headers with static values

Is there a way to have a list of Allowed Headers that can be passed from source or can we achieve that with `introspection_request_headers`?