https://www.ory.sh/ logo
#talk-oathkeeper
Title
# talk-oathkeeper
s

square-eye-96545

03/25/2022, 11:53 AM
Hello 👋 . I am testing out Oathkeeper and Hydra set up locally using the
oauth2_client_credentials
authenticator along with
id_token
mutator. While trying to use custom claims using the
hydrator
example in the documentation - https://www.ory.sh/docs/oathkeeper/pipeline/mutator#hydrator, I am receiving a marshaling error for
url
using this response object as described in the documentation. Has anyone used a hydrator before and can share a working example?
Copy code
{
  "subject": "anonymous",
  "extra": {
    "foo": "bar"
  },
  "header": {
    "foo": [
      "bar1",
      "bar2"
    ]
  },
  "match_context": {
    "regexp_capture_groups": [
      "http",
      "foo"
    ],
    "url": "<http://domain.com/foo>"
  }
}
h

happy-morning-85531

03/25/2022, 12:00 PM
URL should not be a string, rather a struct
If you want to see what oathkeeper forwards (and also expects as a response), just set up the hydrator to send to a page like https://webhook.site/ and you can see the request body
👍 1
s

square-eye-96545

03/25/2022, 12:10 PM
Updated the Hydrator url to this now instead of a string as https://mockbin.org/bin/cfd218b9-24c3-4a2c-81d1-a84001a27fc3 looking at the example in this threadhttps://github.com/ory/oathkeeper/discussions/942 . Unfortunately, that does not work either and fails with invalid json error. Do you have a working example to copy from?
h

happy-morning-85531

03/25/2022, 12:18 PM
I had a service (kotlin) which just had the model
Copy code
@Serializable
data class OryAuthenticationSession(
    val subject: String,
    val extra: JsonObject? = JsonObject(emptyMap()),
    val header: JsonObject? = null,
    @SerialName("match_context")
    val matchContext: MatchContext,
) {
    @Serializable
    data class MatchContext(
        @SerialName("regexp_capture_groups")
        val regexpCaptureGroups: JsonArray,
        val url: JsonElement,
        val method: String? = null,
        val header: JsonObject? = null,
    )
}
JsonElement
is just any json type, and the input would just modify the extra field with
Copy code
override suspend fun hydrateAuthSession(rq: OryAuthenticationSession): OryAuthenticationSession {
        val mapping = repository.findBySubject(rq.subject) ?: throw UnauthorizedException("No such mapping for subject")

        val modifiedExtra = (rq.extra ?: JsonObject(emptyMap())).toMutableMap().apply {
            put(ORG_MAPPING_KEY, JsonPrimitive(mapping.organization))
        }
        return rq.copy(extra = JsonObject(modifiedExtra))
    }
This worked fine together with oathkeeper running
v0.38.19-beta.1
s

square-eye-96545

03/25/2022, 12:33 PM
I am testing on
FROM oryd/oathkeeper:v0.38.23-beta.1
Let me try with you version and example
@User Got it finally working. The Oathkeerper hydrator documentation was stale causing the marshaling errors initially and then there was invalid json error after getting past it. Had to look into the Oathkeeper codebase to understand the cause. Stemmed from here - https://github.com/ory/oathkeeper/blob/d942c043aa2370b87e0dd822440ad39d809755f9/pipeline/mutate/mutator_hydrator.go#L232
👍 1
7 Views