Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Good morning, I am playing a bit with the dotnet sdk from Keto. Is it so meant that the GetCheck request throws an exception on "allowed: false" and then I have to catch it myself to return the "allowed: false" to the client. Like in the screenshot? The "allowed: true" response works well.

hm we mirror the response in the status code (200 vs 403), so I assume the SDK throws on 403 response codes

maybe it makes sense to have two endpoints.... the status code is needed for integrating with reverse proxies and similar services

I can confirm that the sdk is throwing a 403 error code.
What are the next steps? Does that mean there would be two endpoints with keto itself? One is for reverse proxies and other services and the other would be for manual API requests where in both cases a 200 response code would be returned and only the value "allowed" would change to true or false?

sure, i've created an issue with an repository to reproduce <https://github.com/ory/keto/issues/851>