hi, when using api gateway + oathkeeper (as a decision api), is it possible to achieve url redirect based on decision response? i.e. when user has admin permission, then go through to the admin page, if not, then redirect to normal user page.

Hi @brash-hamburger-57986, you can have url redirect at your gateway

@some-scooter-3723 thanks! but i don't find any gateway is capable to redirect based on the response it received from decision api. they usually just redirect based on the url it gets

you can refer more this document: https://www.nginx.com/blog/validating-oauth-2-0-access-tokens-nginx/ It's not about oathkeeper, but it's an example about configuring nginx to redirect to arbitrary decision engine to check authentication, then it has js module to parse result and do some other post actions (return 204 or you can redirect to others if need)

thanks for sharing! i got to know that nginx has this js module which can perform some post actions based on the decision response. i was looking at envoy based gateway like ambassador, it seems it doesn't have the ability to redirect based on the decision result.

I have a limited knowledge on Ambassador, however, after a quick look at it, I think somehow you need to find a way to inject lua script or filter plugin (kind of filter chain, I don't find any example about it but I see this sentence from ambassador doc "`If you have a long chain of Filters or a Filter that takes five or more seconds to respond, you can increase the timeout value to give your Filters enough time to run.`").

great thanks! i appreciate it. i will look more into this

No need for plugins the OSS version and paid version of ambassador/emissary ingress has an authentication service, that oathkeeper supports just need to configure to forward to oathkeeper for REST traffic to Kubernetes