hello i m running into an annoying issue with my oathkeeper Ory Community #ory-selfhosting

hello, i’m running into an annoying issue with my ...

numerous-umbrella-61726

03/04/2022, 11:45 AM

hello, i’m running into an annoying issue with my oathkeeper setup in production that doesn’t occur locally in development, i’m using the bearer_token authenticator to validate a legacy token that gets converted using the id_token mutator, locally this works fine and the subject is set correctly in the generated token, but for some reason in production the subject always comes through with an empty string

numerous-umbrella-61726

03/04/2022, 11:46 AM

i have verified that if i pass in an invalid (e.g. expired) token, authentication fails, so it appears to be executing the authenticator correctly

numerous-umbrella-61726

03/04/2022, 11:46 AM

and if i call the same check_session_url manually in postman i get

Copy code

{
  "sub": "291677"
}

back as my response, so i think that should let oathkeeper set the subject in the id_token

numerous-umbrella-61726

03/04/2022, 11:47 AM

is there a good way to debug exactly what oathkeeper is doing when it runs that authenticator?

numerous-umbrella-61726

03/04/2022, 11:49 AM

i had another issue previously that was caused by an AWS security group blocking traffic, but that seems to be resolved given that i now get success/failure from oathkeeper depending on the validity of the token, just the subject piece is strange

worried-kitchen-94392

03/04/2022, 1:52 PM

Hi there, I think you might have better luck on the #oathkeeper channel with this question 😅

👍 1

3 Views

Open in Slack

Previous Next