https://www.ory.sh/ logo
Join Slack
Powered by
Hello :wave: . I am testing out Oathkeeper and Hy...
# talk-oathkeeper
s
Hello 👋 . I am testing out Oathkeeper and Hydra set up locally using the 
oauth2_client_credentials
authenticator along with 
id_token
mutator. While trying to use custom claims using the 
hydrator
example in the documentation - https://www.ory.sh/docs/oathkeeper/pipeline/mutator#hydrator, I am receiving a marshaling error for 
url
using this response object as described in the documentation. Has anyone used a hydrator before and can share a working example?
Copy code
{
  "subject": "anonymous",
  "extra": {
    "foo": "bar"
  },
  "header": {
    "foo": [
      "bar1",
      "bar2"
    ]
  },
  "match_context": {
    "regexp_capture_groups": [
      "http",
      "foo"
    ],
    "url": "<http://domain.com/foo>"
  }
}
h
URL should not be a string, rather a struct
If you want to see what oathkeeper forwards (and also expects as a response), just set up the hydrator to send to a page like https://webhook.site/ and you can see the request body
👍 1
s
Updated the Hydrator url to this now instead of a string as https://mockbin.org/bin/cfd218b9-24c3-4a2c-81d1-a84001a27fc3 looking at the example in this threadhttps://github.com/ory/oathkeeper/discussions/942 . Unfortunately, that does not work either and fails with invalid json error. Do you have a working example to copy from?
h
I had a service (kotlin) which just had the model
Copy code
@Serializable
data class OryAuthenticationSession(
    val subject: String,
    val extra: JsonObject? = JsonObject(emptyMap()),
    val header: JsonObject? = null,
    @SerialName("match_context")
    val matchContext: MatchContext,
) {
    @Serializable
    data class MatchContext(
        @SerialName("regexp_capture_groups")
        val regexpCaptureGroups: JsonArray,
        val url: JsonElement,
        val method: String? = null,
        val header: JsonObject? = null,
    )
}
JsonElement
is just any json type, and the input would just modify the extra field with
Copy code
override suspend fun hydrateAuthSession(rq: OryAuthenticationSession): OryAuthenticationSession {
        val mapping = repository.findBySubject(rq.subject) ?: throw UnauthorizedException("No such mapping for subject")

        val modifiedExtra = (rq.extra ?: JsonObject(emptyMap())).toMutableMap().apply {
            put(ORG_MAPPING_KEY, JsonPrimitive(mapping.organization))
        }
        return rq.copy(extra = JsonObject(modifiedExtra))
    }
This worked fine together with oathkeeper running 
v0.38.19-beta.1
s
I am testing on 
FROM oryd/oathkeeper:v0.38.23-beta.1
Let me try with you version and example
@User Got it finally working. The Oathkeerper hydrator documentation was stale causing the marshaling errors initially and then there was invalid json error after getting past it. Had to look into the Oathkeeper codebase to understand the cause. Stemmed from here - https://github.com/ory/oathkeeper/blob/d942c043aa2370b87e0dd822440ad39d809755f9/pipeline/mutate/mutator_hydrator.go#L232
👍 1
7 Views
Open in Slack
PreviousNext
Powered by