https://www.ory.sh/ logo
#contributors
Title
# contributors
o

orange-sugar-45723

02/22/2022, 1:21 PM
I have two more cases that might require some patches to Oathkeeper, specifically the
bearer_token
authenticator. 1. We have some legacy application that uses the
Authorization
header with
AccessToken
instead of
Bearer
which is incompatible as the authenticator just ignores it if it the first part is not
Bearer
. I would like to add an option or something to accept something other than
Bearer
so we can still use the `bearer_token`authenticator 2. This legacy application at the same time will also accepts basic auth credentials that are stored as OAuth2 clients in Hydra using
oauth2_client_credentials
. Currently there is no way for the
check_session_url
in
bearer_token
authenticator to indicate that Oathkeeper should jump to the next authenticator (
authn.ErrAuthenticatorNotResponsible.Error()
), would it be alright if I add for example a HTTP response code like HTTP 406 Not Acceptable (or something else) to trigger this from the session store application What do you think about these changes, could you see at least the idea's being accepted upstream (of course depending on the implementation)?
h

high-optician-2097

02/22/2022, 1:53 PM
1: Sounds good 2: Interesting approach! I was thinking for a long time how to resolve such a use case. I think it requires quite a lot of testing to ensure it works well and maybe we want to run checks in parallel to improve response times? But I think a solution like this would be pretty good°!
o

orange-sugar-45723

07/04/2022, 1:47 PM
I still have to add some documentation and clean up some things but I have opened a pull request for these changes https://github.com/ory/oathkeeper/pull/982
4 Views