lively-beard-47107
03/04/2022, 8:25 PM<http://api.example.com/students|api.example.com/students>
. In Keto, I check if the logged_in user has the appropriate role to do a GET request to this endpoint, and if yes, Oathkeeper allows the request to go through. Now, when it goes to the service, it is supposed to return a list of all students, which the logged in user HAS ACCESS TOO. Right now, I’m not protecting this through Keto, but I’d love to do so. The reason why, is because I’m not sure how to do it. Should the students
service directly communicate with Keto and ask for the full list of students that the logged in user has access too? Doesn’t his affect the performance significantly?steep-lamp-91158
lively-beard-47107
03/07/2022, 9:40 PMsteep-lamp-91158