orange-sugar-45723
02/22/2022, 1:21 PMbearer_token
authenticator.
1. We have some legacy application that uses the Authorization
header with AccessToken
instead of Bearer
which is incompatible as the authenticator just ignores it if it the first part is not Bearer
. I would like to add an option or something to accept something other than Bearer
so we can still use the `bearer_token`authenticator
2. This legacy application at the same time will also accepts basic auth credentials that are stored as OAuth2 clients in Hydra using oauth2_client_credentials
. Currently there is no way for the check_session_url
in bearer_token
authenticator to indicate that Oathkeeper should jump to the next authenticator (authn.ErrAuthenticatorNotResponsible.Error()
), would it be alright if I add for example a HTTP response code like HTTP 406 Not Acceptable (or something else) to trigger this from the session store application
What do you think about these changes, could you see at least the idea's being accepted upstream (of course depending on the implementation)?high-optician-2097
orange-sugar-45723
07/04/2022, 1:47 PM