https://www.ory.sh/ logo
#talk-oathkeeper
Title
# talk-oathkeeper
a

able-bear-67114

03/09/2022, 1:13 PM
is it best-practice to put kratos public endpoints behind oauthkeeper?
m

magnificent-energy-493

03/09/2022, 1:31 PM
It is required for the admin endpoints to have some protection, but the public is fine to be exposed without. edit: Not sure if it is the "best" practice to have it exposed without protecction.
a

able-bear-67114

03/09/2022, 1:33 PM
yes. that was my assumption.. i had figured oathkeeper could be the exposed point to the internet and configured to expose kratos public callbacks.. the private endpoints would be inside an internal vpc and not exposed through oathkeeper
does that make sense?
m

magnificent-energy-493

03/09/2022, 2:02 PM
Yup from my side that makes a lot of sense šŸ‘
šŸ™ 1
a

able-bear-67114

03/09/2022, 2:07 PM
thanks!
m

magnificent-energy-493

03/09/2022, 2:08 PM
Let me know how it goes. @User is also working on a Oathkeeper + Kratos guide if i am not mistaken, so he might be able to share something šŸ™‚
d

damp-sunset-69236

03/09/2022, 5:19 PM
Yep. Updated configs are available for the guide ā€˜Configuring IAP proxy with Ory Kratosā€™. However there can be versions mismatch because updated configs are in master branch of
ory/kratos
repo
Also, I have some configuration examples for my demo projects. Feel free to ask questions.
15 Views