Is it possible to have an optional mutator in an a...
# talk-oathkeeper
Is it possible to have an optional mutator in an access rule? Use case is that I have a service (Hasura) that can both be accessed with and without an authenticated session. I have an
mutator that should run if the request is authenticated, but should just be ignored if not. I could split it into a public and a protected endpoint (eg
), but I'd like to avoid having to determine the auth state on the clients, since the upstream url is the same anyway. The functionality I'm looking for would be something like
Copy code
    - handler: id_token
      when: authenticated # run this only when it's an authenticated request
How do you know if it's supposed to be an authenticated request but they just didn't supply credentials?
We’re kind of running into the same issue - with graphql since we can't tell immediately if the query requires auth or not
I don't really know, but the hasura server handles authorization/permissions, so I don't need to know in advance
Sounds like you could forward all requests directly to hasura and skip oathkeeper then no?
Almost, but I need oathkeeper to transform the cookie session into a JWT
Hey, cool to see more Hasura users in here! We are currently starting to work on a simple integration with Ory Kratos + Hasura. I think we can add Oathkeeper et al to the mix after that as well.
👍 2