Guys, i am wondering why i should use oauthkeeper ...
# talk-oathkeeper
Guys, i am wondering why i should use oauthkeeper instead of using kratos and keto directly. It looks more efficient for me to use directly kratos, for instance in any request i need to know who is the user that has performed the request, therefore in any request i should query kratos in order to know it (in this point i can with the same request chek also if the user is authenticated or not). What am I missing?
in our case we have multiple authentication sources (a legacy oauth-based login that we will migrate to kratos in the future, custom access tokens, and hydra oauth tokens) that we use oathkeeper to mutate into a single internal id_token so our internal services only have to know how to parse and validate the id_token, i wouldn’t use oathkeeper if just using kratos and keto were enough for our use cases, but this keeps our unfortunately complicated authn much more independent of our application logic
I would concur with Andrew here, Oathkeeper helps with some more convoluted/complex/legacy infrastructure, but if Ory Kratos & Keto already solve everything you need no need to overcomplicate!