Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello , im using keto as an authorizer and i have this config in oathkeeper , `{`
  `"authorizer": {`
    `"handler": "remote_json",`
    `"config": {`
      `"remote": "<http://keto:4466/check>",`
      `"payload": "{\"namespace\": \"default-namespace\", \"subject\": \"{{ print .Subject }}\", \"object\": \"token:and:keto\", \"relation\": \"get\"}"`
    `}`
  `}`
`}`
What does `.Subject` hold ?

if I remember the code correctly, this comes from here: <https://github.com/ory/oathkeeper/blob/d942c043aa2370b87e0dd822440ad39d809755f9/pipeline/authn/authenticator.go#L43>

as in, it depends on which authenticator you are using

we are using kratos and session cookie as authenticator

cookie session authenticator is here: <https://github.com/ory/oathkeeper/blob/d942c043aa2370b87e0dd822440ad39d809755f9/pipeline/authn/authenticator_cookie_session.go>

unfortunately all of this stuff always requires a little bit of fiddling around, best is to look at the test and work your way up from there: <https://github.com/ory/oathkeeper/blob/d942c043aa2370b87e0dd822440ad39d809755f9/pipeline/authn/authenticator_cookie_session_test.go>