lively-beard-47107
03/03/2022, 3:12 PMketo_engine_acp_ory
depricated? Should we use remote_json
for Ory Keto as well? Thank yousteep-lamp-91158
remote_json
should work, maybe you can share a small working example?happy-morning-85531
03/03/2022, 10:24 PMlively-beard-47107
03/04/2022, 8:11 PM...
authorizers:
allow:
enabled: true
deny:
enabled: true
remote_json:
enabled: true
config:
remote: ${KETO_URL}/check
forward_response_headers_to_upstream: []
payload: |
{
"subject": "{{ print .Subject }}"
}
...
NOTE: I have the services deployed in a K8s cluster. ${KETO_URL} must be the local address of Keto, inside the cluster. For some reasons, the public address did not work in my case.happy-morning-85531
03/04/2022, 8:12 PMlively-beard-47107
03/04/2022, 8:15 PM{
"id": "unique_id",
"match": {
"url": "<http://api.example.com/resource>", // The protocol should be http in order to be matched, even though the endpoint has https.
"methods": ["GET"]
},
"authenticators": [
{
"handler": "cookie_session"
}
],
"authorizer": {
"handler": "remote_json",
"config": {
"remote": "${KETO_URL}/check",
"payload": "{\"subject_id\": \"{{ print .Subject }}\", \"relation\": \"get\", \"object\": \"resource\"}"
}
},
"mutators": [
{
"handler": "header"
}
]
}